We have a legacy application running on an embedded platform where we are using Java 6 as JVM. We have https access from the application which needs TLS1.2 support. The JVM we are using does not provide this. How to achieve TLS1.2 support to the application ?
We could achieve TLS1.2 support by using Bouncy Castle library.
Here is the detailed solution
Maven Dependency
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15to18</artifactId>
<version>1.64</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bctls-jdk15to18</artifactId>
<version>1.64</version>
</dependency>
Add security provider as BC
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
Security.insertProviderAt(new BouncyCastleProvider(), 1);
}
// add provider only if it's not in the JVM
if (Security.getProvider(BouncyCastleJsseProvider.PROVIDER_NAME) == null) {
Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);
}
Alternatively you can update JRE/lib/security/java.security
security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
security.provider.3=sun.security.provider.Sun
security.provider.4=sun.security.rsa.SunRsaSign
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
The BC libraries needs to be on top (1&2)
Initialize SSL context with TLS1.2
SSLContext tls = SSLContext.getInstance("TLSv1.2");
tls.init(null, null, null);
SSLContext.setDefault(tls);
Testing
HttpsURLConnection urlConnection = null;
try {
URL url = new URL("https://www.nist.gov/");
urlConnection = (HttpsURLConnection) url.openConnection();
String data = IOUtils.toString(urlConnection.getInputStream(), "UTF-8");
System.out.println(data);
} catch (IOException ex) {
ex.printStackTrace();
try {
if (urlConnection != null) {
code = ((HttpURLConnection) urlConnection).getResponseCode();
message = ((HttpURLConnection) urlConnection).getResponseMessage();
} else {
message = ex.toString();
}
} catch (IOException ex2) {
message = ex2.toString();
}
System.out.println("Response : " + message);
} finally {
if (urlConnection != null) {
urlConnection.disconnect();
}
}