I am trying to hit a webservice which supports TLSv1.2. I am using Java 1.4. It does not support TLSv1.2.
Now someone told me that BC could solve my problem. Though does it work with an SSLEngine as a drop-in replacement somehow? Is this possible with BC?
What do I have to do to get a working SSLEngine (for use with TLSv1 in a nonblocking io scenario) without such low restrictions on primesize for DH.
What I tried:
This alone seems not to solve the problem.
So instead of
SSLContext.getInstance("TLSv1"); //which works alas only little DH keys.
I tried calling the following:
SSLContext.getInstance("TLSv1","BC");
SSLContext.getInstance("TLS","BC");
SSLContext.getInstance("TLSv1.2","BC");
SSLContext.getInstance("ssl","BC");
Though all of them throws
I could solve this by using the bctls lib, but unfortunately it doesn't seem to have a version for Java 1.4.
Anyway, if an upgrade of your Java version is possible, you just need to add this jar to your project and use the
org.bouncycastle.jsse.provider.BouncyCastleJsseProvider class (I've used Java 1.7 for this test):
// add the JSSE provider
Security.addProvider(new BouncyCastleJsseProvider());

// tests
SSLContext.getInstance("TLSv1.1", BouncyCastleJsseProvider.PROVIDER_NAME);
SSLContext.getInstance("TLSv1.2", BouncyCastleJsseProvider.PROVIDER_NAME);
SSLContext.getInstance("TLSv1", BouncyCastleJsseProvider.PROVIDER_NAME);
All tests above run without error.
Checking all the SSL protocols supported:
SSLContext context = SSLContext.getInstance("TLSv1", BouncyCastleJsseProvider.PROVIDER_NAME);
System.out.println(Arrays.toString(context.getSupportedSSLParameters().getProtocols())); // [TLSv1.1, TLSv1, TLSv1.2]
The output is:
[TLSv1.1, TLSv1, TLSv1.2]
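An added example (not part of the original answer) tying the answer's provider back to the question's SSLEngine: it builds a client-mode engine from the BCJSSE context, pins it to TLSv1.2 and turns on hostname verification, which SSLEngine does not perform unless asked. It assumes Java 7 or later with the bcprov and bctls jars on the classpath; the class name, method name and host `example.com` are placeholders.

```java
import java.security.KeyStore;
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

// Hypothetical helper class, written for this example only.
public class BcTls12Engine {

    static SSLEngine newClientEngine(String host, int port) throws Exception {
        // Register the BC crypto provider and the BC JSSE provider once.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        if (Security.getProvider(BouncyCastleJsseProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleJsseProvider());
        }

        // A null KeyStore makes the factory fall back to the JVM's default trust store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                "PKIX", BouncyCastleJsseProvider.PROVIDER_NAME);
        tmf.init((KeyStore) null);

        SSLContext ctx = SSLContext.getInstance(
                "TLSv1.2", BouncyCastleJsseProvider.PROVIDER_NAME);
        ctx.init(null, tmf.getTrustManagers(), null);

        // Passing host and port lets the engine send SNI and check the peer name.
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);

        // Refuse to negotiate anything older than TLSv1.2.
        engine.setEnabledProtocols(new String[] { "TLSv1.2" });

        // Verify the certificate against the host name during the handshake.
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = newClientEngine("example.com", 443); // placeholder host
        System.out.println(Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

The returned engine is driven with the usual `wrap`/`unwrap` loop over a non-blocking channel; no network connection is made until that loop starts.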