
How to tell what SSL/TLS protocols are allowed from my client application?


I have a client application communicating with an external party's application. The client application has been up and running for a long time.

Recently, I received a request from the third party asking about the allowed SSL/TLS protocols from the application server where my client application is running and calling their application.

Questions

How to tell what SSL/TLS protocols are allowed from my client application?

What has been done so far

1 - I checked the SSL configuration in the browser on the server where my client application is running. See the screenshot below. Is this what the third party team is trying to find out?

[Screenshot: SSL_Setting_On_Browse]

2 - The client application is running from WebLogic 10.3.6. I checked the WebLogic configuration in the following places, but I could not find anything about the SSL/TLS protocols used:

2.1 - Summary of Servers > Server_1 > Protocols

2.2 - Summary of Servers > Server_1 > Configuration > SSL

------ Update ------

I am using Java 7 for the client application. For that I checked the Java™ Secure Socket Extension (JSSE) documentation online. In the online documentation I found the following:

Engine Class Implemented : SSLContext

Algorithm or Protocol: SSLv3 (a.k.a. SSL), TLSv1 (a.k.a. TLS), TLSv1.1, TLSv1.2

See documentation Java Cryptography Architecture Oracle Providers Documentation for Java Platform Standard Edition 7, The SunJSSE Provider for more information.

So are these the allowed SSL/TLS protocols from my client application? Further, if Java has its own allowed protocols, then how is that related to the protocol settings in the browser (point 1 above)?


Solution

  • See http://docs.oracle.com/cd/E24329_01/web.1211/e24422/ssl.htm#SECMG634 (there are similar settings for 11G)

    The browser settings are a red herring - the third-party app will connect to weblogic, not your browser, and negotiate a secure protocol based on what WLS + the third party app can mutually support.

    Java 7's default settings are acceptable, although if you need PCI-DSS compliance, you should probably set TLS 1.1 as the minimum.
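
One way to get a concrete answer for the third party, added here as an example that is not part of the original question or answer: ask the JVM itself which protocols JSSE supports and which ones a client socket offers by default. It assumes the client application uses the JVM's default `SSLContext`; the class name and the optional host/port arguments are hypothetical.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example: reports what this JVM offers when it acts as a TLS client.
// Assumption: the client application uses the JVM's default SSLContext.
public class ClientTlsProtocols {

    // Protocols the JSSE provider implements (some may be switched off by default).
    static String[] supported(SSLContext ctx) {
        return ctx.getSupportedSSLParameters().getProtocols();
    }

    // Protocols a client socket from this context offers unless the code overrides them.
    static String[] enabledByDefault(SSLContext ctx) {
        return ctx.getDefaultSSLParameters().getProtocols();
    }

    // Handshake with an endpoint and return the negotiated protocol and cipher suite.
    static String negotiated(SSLContext ctx, String host, int port) throws Exception {
        SSLSocketFactory factory = ctx.getSocketFactory();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            socket.startHandshake();
            return socket.getSession().getProtocol()
                    + " / " + socket.getSession().getCipherSuite();
        } finally {
            socket.close();
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        System.out.println("Java version       : " + System.getProperty("java.version"));
        System.out.println("Supported protocols: " + Arrays.toString(supported(ctx)));
        System.out.println("Enabled by default : " + Arrays.toString(enabledByDefault(ctx)));
        // Optional (hypothetical usage): <host> <port> of the endpoint the client calls.
        if (args.length == 2) {
            System.out.println("Negotiated         : "
                    + negotiated(ctx, args[0], Integer.parseInt(args[1])));
        }
    }
}
```

Run it with the same JVM and the same system properties the application server starts with, since the supported and enabled lists can differ between Java versions and configurations.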