Skip to main content

Enabling TLS1.2 support clients

Please note these forums are being decommissioned and use the new and improved forums at
1 reply [Last post]
Joined: 2011-03-12

Hi everyone!
As a pretty much a Java newbie I encountered a small problem with trying out the TLS support on the latest JDK7 snapshot.
I found a link (somewhere) saying that with JSSE the client supports only by default TLS1.0. Now my question is that I couldn't figure out a simple way to enable TLS1.2 support for the client. To make things more confusing I played around with the getProviders() method and the results are as follows:
SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; JavaLoginConfig Configuration)
Sun RSA signature provider
Sun Elliptic Curve provider (EC, ECDSA, ECDH)
Sun JSSE provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC)
Sun (Kerberos v5, SPNEGO)
Sun SASL provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL, PLAIN, CRAM-MD5, NTLM; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5, NTLM)
XMLDSig (DOM XMLSignatureFactory; DOM KeyInfoFactory)

To the untrained eye this looks like the TLS1.2 support wouldn't be there at all unless I enable it somehow.

So - how can I enable TLS1.2 support on the JDK7 snapshot?

Oh, and here's some info:
Platform: Linux 32bit
jdk7/jdk1.7.0/jre/bin/java -version
java version "1.7.0-ea"
Java(TM) SE Runtime Environment (build 1.7.0-ea-b133)
Java HotSpot(TM) Client VM (build 21.0-b03, mixed mode)

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Joined: 2005-04-29

Please see SSLSocket.getSupportedProtocols()/SSLEngine.getSupportedProtocols():
Once you see what protocols are available, you can use get/setEnabledProtocols() to actually set which protocols will be active.
Hope this helps.