Java 8 cannot force TLS for sslcontext creation?

Question

I'd like to use TLS/TLSv1.2 for an ssl context:

SSLContext context = SSLContext.getInstance("TLSv1.2");
context.init(new KeyManager[] { km }, new TrustManager[] { new MyTrustStore(keyStore) }, new SecureRandom());
System.out.println("PROTOCOL: "+SSLContext.getDefault().getSupportedSSLParameters().getProtocols()[0]);

We're using custom Truststores and keymanagers, just ignore that here, but we do need those.

Now this prints "SSLv2Hello" every time.

I have tried both

SSLContext context = SSLContext.getInstance("TLSv1.2");

and

SSLContext context = SSLContext.getInstance("TLS");

And neither worked.

For reference this runs on JDK 1.8.0_171

Thank you for your help

Have you printed the remaining elements of the array returned by `getProtocols()`? — Sotirios Delimanolis, Apr 14 '20 at 18:05
`SSLv2Hello` is not the actual SSLv2 protocol (or any other SSL), it is only a compatbility kludge that allowed better error handling with older servers during the transition period about 2004-2010. It is no longer needed (and how often _causes_ errors) and has been **disabled by default** since j7 ( see `getDefaultParameters` instead of `getSupportedParameters`); just don't add any code to enable it.. Also you might want to look at your _actual_ `context` not `getDefault()`. — dave_thompson_085, Apr 14 '20 at 18:13

score -1 · Answer 1 · answered Apr 14 '20 at 18:03

-1

You can try a custom way. Below is a kotlin sample

    val sslContext = SSLContexts.custom().setProtocol("TLSv1.2").build()

Reference : How to fix 'SSLHandshakeException: Received fatal alert: decode_error'?

answered Apr 14 '20 at 18:03

Abbin Varghese

2,422
5
28
42

Java 8 cannot force TLS for sslcontext creation?

1 Answers1