Reputation: 3441
Error message "The server selected protocol version TLS10 is not accepted by client preferences"
I am trying to run this JNLP file on Windows 10 to connect to a server (actually, I am connecting to a dedicated server via KVM over IPMI (IPKVM) or whatever it is called, so I can install a new operating system).
I am getting error
The server selected protocol version TLS10 is not accepted by client preferences.
Is there something I need to do in Java client to fix the error?
Upvotes: 53
Views: 205244
Answers (12)
Reputation: 2869
I had this issue recently, it was because I was trying to connect to an old version of Microsoft SQL Server (2012, ver. 11.00.3156) using the latest version of the SQL Server JDBC Driver (ver. 12.2.0) with a newer version JDK (ver. 11.0.15).
It happens because newer version of JDK by default disable some old security algorithms like TLSv1.0 (in favor of newer like TLSv1.2/TLSv1.3) which the old SQL Server is requiring as security algorithm.
To solve the issue I changed the JDBC driver to an older version 8.2.2 and I had to pass some java security VM options to the JDK to override some security configs and remove TLSV1.0 from the disabled algorithms
VM options to pass to JDK
-Djdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
(note that TLSv1.0 and TLSv1.1 are removed from the original JDK list)
Doing that I managed to successfully connect to the old SQL Server 2012. Hope this help you
Upvotes: 0
Reputation: 9318
On Linux but, Java being cross platform, I believe the main options I used still apply. I had the same errors as OP and an additional one about a self-signed jar. I've revised this based on the easier method from this answer. To use the tool to connect and install/manage the OS:
- I first downloaded an old JDK and saved it in its own location (
/usr/local/lib/jvm/jre1.8.0_x/wherexis the actual version number), without adding it to$PATH. I didn't want the outdated version to be used by default for anything. - Within that JRE directory base, I copied
lib/security/java.securitytolib/security/java-old-tls.security, so the defaults remain untouched for reference. I opened the latter for editing and deleted the old TLS versions from the list injdk.tls.disabledAlgorithms, and saved. - I ran
/usr/local/lib/jvm/jre1.8.0_x/bin/javaws -viewer, then Esc'd out of the cache viewer dialogue, to show the main settings dialogue behind it. I added the servers to the Exception Site List under the Security tab, e.g.https://10.24.12.6/, then enabled the old TLS versions at the bottom of the Advanced tab and clicked OK. - I then ran the following command to execute the downloaded
.jnlp. The environment variable is set inline so it's used only for that one run rather than using a global setting or affecting the entire shell. In Windows, you probably have to set that environment variable separately, which would affect all subsequent invocations ofjava,javaws, etc. in that running shell, but the values should be the similar._JAVA_OPTIONS='-Djava.security.properties=/usr/local/lib/jvm/jre1.8.0_x/lib/security/java-old-tls.security' /usr/local/lib/jvm/jre1.8.0_x/bin/javaws jviewer.jnlp
This causes Java to show warning dialogues rather than blocking the app from loading entirely.
Upvotes: 0
Reputation: 65
the solution look the video for java 11
The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]
https://www.youtube.com/watch?v=ynEQM-W8RkU
Upvotes: -1
Reputation: 159
The first thing to do: Go to folder C:\Program Files\Java\jre1.8.0_291\lib\security. In the java.security file, find option jdk.tls.disabledAlgorithms and delete TLSv1.
If it still doesn't work, make sure that the line:
deployment.security.TLSv1=true
exists in file C:\Users\JavaUser\AppData\LocalLow\Sun\Java\Deployment\deployment.properties.
Upvotes: 12
Reputation: 3
If you are using eclipse first check the path of jre used by eclipse.
For knowing the path of JRE used by eclipse you can follow the below steps.
(project>properties>java build path> libraries).
click on JRE system library>edit>installed JREs
Now it will display the path of JRE currently used by eclipse.
Go to JRE>conf>security and
open java.security file and remove TLSv1 from the property jdk.tls.disabledAlgorithms
Upvotes: 0
Reputation: 3184
I know this is a Windows 10 related question, but just in case somebody is looking for an answer. I found this helpful hint here.
For RedHat based JVMs (e.g. Docker image registry.redhat.io/ubi8/openjdk-11-runtime) you have to remove TLSv1 from the property jdk.tls.disabledAlgorithms in:
/etc/crypto-policies/back-ends/java.config
as modifying the java.security file alone, will not solve the issue.
Upvotes: 3
Reputation: 146
You can set it in JRE inside SoapUI (if you are using it): Remove "TLSv1, TLSv1.1" from "jdk.tls.disabledAlgorithms" property in file ${soapui_home}/jre/conf/securityjava.security.
Upvotes: 4
Reputation: 21
Go to Control Panel, Program. Click on Java (Java control Panel), go to Advanced, scroll down and check TLS 1.0 and TLS 1.1.
Close your program and start it again.
Upvotes: 1
Reputation: 1009
Go to folder C:\Program Files (x86)\Java\jre1.8.0_291\lib\security.
In file java.security, find option jdk.tls.disabledAlgorithms and delete TLSv1.
Upvotes: 90
Reputation: 15
Problem: TLS 1.0 is not supported in Java 1.8 and above. To connect to SQL Server 2014 and below servers, you need to send TLS 1.0 connection.
Solution: if you downgrade your project to Java 1.7 version this problem will be solved. The JDBC driver version you are using should be 4.2.
Solution for Java 1.7 SSL connection issue:
You will get an error when you query websites with SSL certificate in Java 1.7 version. To fix this error; Download the site’s .cer certificate. Next (note we are talking about JRE file here), write “keytool” in the carsets file at %path_java_jre\lib\security. Your connection problem will disappear.
Upvotes: -3
Reputation: 61
Don't update to Java 11. Nowadays TLS 1.0 is outdated. The sites using TLS 1.0 and TLS 1.1 certificates for encryption will be marked as insecure in browsers.
So better to update the Transport Layer Security (TLS) version in SQL Server.
Please follow the pages:
Upvotes: 6
Reputation: 1461
It appears that the latest update of Java 11 has disabled TLS 1.0 and TLS 1.1.
Here is the detailed documentation on how to enable it again: TLS 1.0/1.1 changes in OpenJDK and Amazon Corretto
Apparently, I was caught in this issue because of a JDK update today and had hard time finding it. This can help.
Upvotes: 18
Related Questions
- javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]
- Java (javaws.exe) TLS10 is not accepted by client preferences [TLS12]
- While Establishing SSL between IBM MQ and JMS client,recieving "com.ibm.mq.jmqi.JmqiException: CC=2;RC=2059;AMQ9503: Channel negotiation failed" error
- No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
- TLS 1.3 handshake failure when using OpenJDK 14 java module runtime
- "java.io.EOFException: SSL peer shut down incorrectly" thrown when not using SSL
- Fails to connect through JMX+SSL from VisualVM
- Supermirco IPMI KVM: remote connection without webbrowser
- JMS connection handshake is failing for SSLCipherSuite SSL_RSA_WITH_3DES_EDE_CBC_SHA
- Client requested protocol SSLv3 not enabled or not supported (IBM JDK 6.0SR10)