-
1. Re: TLSv1.1/1.2 not working with JDK7
pjhavariotis Mar 30, 2016 1:24 AM (in response to praneshinjboss)First of all, I would like to mention that JBoss 3 is very old and you should start considering an upgrade plan.
As you know, support for TLS is provided by the JDK, not JBoss.
However the connector must allow the use of the protocols through a valid configuration. I am pretty sure that Jboss 3 does not support TLSv1.1/1.2.
You can enable SSL debug logging by using the following system property "-Djavax.net.debug=ssl" and see exactly what is going on.
-
2. Re: TLSv1.1/1.2 not working with JDK7
praneshinjboss Mar 30, 2016 2:28 PM (in response to pjhavariotis)Thank you for the response. I tried enabling the debug in jboss & I see TLSv1 connection is sent instead of their higher version.
As you said support for TLS is provided by the JDK, not JBoss, how does JBoss comes into the picture of not supporting, Sorry not understanding this part.
-
3. Re: TLSv1.1/1.2 not working with JDK7
hablutzel1 Dec 20, 2016 11:48 PM (in response to praneshinjboss)Maybe your WS client library (or dependencies) is hardcoding the TLSv1 as it the case with libraries like Apache HttpClient 4.2.5 which hardcodes the usage of TLSv1 by default (tested on Java 7 only).
-
4. Re: TLSv1.1/1.2 not working with JDK7
mchoma Dec 21, 2016 3:07 AM (in response to praneshinjboss)jdk.tls.client.protocols system property was introduced in java 1.7.0_95 [1]. You can try to upgrade java.
Probably you should share your debug log -Djavax.net.debug=all . To see if it cant be a problem of cipher suite selection.
-
5. Re: TLSv1.1/1.2 not working with JDK7
hablutzel1 Dec 24, 2016 12:02 AM (in response to mchoma)What is the difference between "https.protocols" system property and "jdk.tls.client.protocols" that you mention?, because the first one does actually allow to enable TLSv1.1 and TLSv1.2 in Java 7., see https://tonyyan.wordpress.com/2015/07/17/enabled-tls-1-2-and-tls-1-1-on-java-7/.
PS: Anywa, the OP's problem could be related to a hardcoded TLSv1 dependency in one of the libraries he is using , for example, take a look at the way Apache HttpClient 4.2.5 hardcodes TLSv1 usage, httpclient/SSLSocketFactory.java at 4.2.5 · apache/httpclient · GitHub .