0
I have a Java program that uses JDK 7, it is deployed on an application server (WEBLOGIC 10.3). By default, when making requests for data in the JSON format provided by a website, the program is using TLS 1.0. This site that seeks the information only accepts TLS 1.2 and 1.3, this is causing protocol error.
WEBLOGIC is configured with JDK7. I already changed the Java 7 control panel to use only TLS 1.2 instead of 1.0, but for some reason it keeps trying to make Handshake with TLSV1.
One solution I got is to determine version 1.2 in my HTTP requests. But for some reason I can’t leave that in the code. In some places it says that in WEBLOGIC I can set the following argument to make use of TLS 1.2:
-Djdk.tls.client.protocols=TLSv1.2
Even setting this on my application server startup the program keeps trying handshakes with 1.0. Therefore, the question of the title of this question arose, who determines the version of the TLS protocol of output in an application deployed on an application server? Will the JRE always be used when putting anything specifying the version in the code, and is it always the program created when specifying the protocol I want? Or can I "overwrite" these two situations on my application server and determine that I want you to use for example TLS 1.2 with the boot argument (-Djdk.tls.client.protocols=Tlsv1.2)? Or with this argument I am only defining what I am accepting and not output requests?
Thank you.
The protocol effectively used is negotiated between client and server at the time of Handshake among the protocols offered by both sides. That is, if you want TLS 1.2 and the other side supports 1.2 your client must exclusively provide this option, either by passing it in the code (what you said you didn’t want) or by taking a default configuration. I looked over the problem only, but it seems that there is another parameter that can be passed to the JVM and it seems that the previous one only works with the operations
HttpsURLConnection()
orURL.openStream()
, what I don’t know if it’s your case.– Piovezan
Anyway, I’d have to study harder. I have seen this information here: https://www.ibm.com/support/pages/how-do-i-change-default-ssl-protocol-my-java-client-application-will-use
– Piovezan