CHANist

Reputation: 1402

Java SSL/TLS Version Setting

Since Java 7 by default uses TLS 1.0, I would like to upgrade it to TLS 1.2 for security enhancement [https only]. The Oracle site (https://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html) tells me I can simply do either of the following:

java.lang.System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2");

OR

java -Dhttps.protocols="TLSv1,TLSv1.1,TLSv1.2"

Both of the methods work pretty well.

But I would like to ask why I need to specify all TLS versions here. How does this differ from

java -Dhttps.protocols="TLSv1.2"?

Does specifying all TLS versions allow communicating with different servers which use different TLS versions? In addition, does the order matter here? What if it is

java -Dhttps.protocols="TLSv1.2,TLSv1,TLSv1.1"?

Will the behavior be different?

Upvotes: 1

Views: 2484

Answers (1)

Ioan M

Reputation: 1207

Your assumption is right. When you specify

java -Dhttps.protocols="TLSv1.2"

you will be able to communicate only with clients which support TLSv1.2.

But when you have a list there

java -Dhttps.protocols="TLSv1.2,TLSv1,TLSv1.1"

you will have a higher chance to be able to communicate with multiple clients which support those different versions. What is important to know is that the strongest version supported by both will be chosen during the handshake negotiation (so the order in which you defined them is not important).

Upvotes: 4
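An added example, not part of the answer above: it builds a client ClientHello in memory for each protocol list from the question and reads the single client_version field the client advertises, which for TLS 1.2 and earlier is the highest enabled version regardless of list order. The class name ClientHelloVersion is hypothetical, and it sets the list with SSLEngine.setEnabledProtocols instead of the https.protocols property, which is only read for HttpsURLConnection connections.

```java
import java.nio.ByteBuffer;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added example (hypothetical class name). Runs offline: no socket is opened.
public class ClientHelloVersion {

    // Returns the client_version advertised in the ClientHello for this protocol list.
    static String offeredVersion(String... protocols) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true);
        // JDKs that list TLSv1/TLSv1.1 in jdk.tls.disabledAlgorithms drop them
        // from the offer even when they are enabled here.
        engine.setEnabledProtocols(protocols);

        ByteBuffer out = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        engine.wrap(ByteBuffer.allocate(0), out); // first wrap() emits the ClientHello
        out.flip();

        // Record header is 5 bytes (type 0x16 = handshake), handshake header is
        // 4 bytes (type 0x01 = ClientHello); client_version follows at offset 9.
        if (out.remaining() < 11 || out.get(0) != 0x16 || out.get(5) != 0x01) {
            throw new IllegalStateException("not a ClientHello record");
        }
        return name(out.get(9) & 0xff, out.get(10) & 0xff);
    }

    // Maps the wire version (3,1)..(3,3) to the JSSE protocol name.
    static String name(int major, int minor) {
        if (major == 3 && minor >= 1 && minor <= 3) {
            return minor == 1 ? "TLSv1" : "TLSv1." + (minor - 1);
        }
        return String.format("0x%02x%02x", major, minor);
    }

    public static void main(String[] args) throws Exception {
        String[][] lists = {
            {"TLSv1", "TLSv1.1", "TLSv1.2"},   // order from the Oracle page
            {"TLSv1.2", "TLSv1", "TLSv1.1"},   // reordered list from the question
            {"TLSv1.2"},                       // TLS 1.2 only
        };
        for (String[] list : lists) {
            System.out.println(Arrays.toString(list) + " -> ClientHello offers " + offeredVersion(list));
        }
    }
}
```

What the lists change is the lowest version the client will accept in the server's reply: with only TLSv1.2 enabled, a server that answers with an older version causes the handshake to fail instead of downgrading.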
