
TLS1.2 support with Java 6


We have a legacy application running on an embedded platform where we are using Java 6 as the JVM. The application has HTTPS access, which needs TLS 1.2 support. The JVM we are using does not provide this. How can we achieve TLS 1.2 support for the application?


Solution

  • We could achieve TLS1.2 support by using the Bouncy Castle library.

    Here is the detailed solution:

    • Add appropriate BC libraries to your project

    Maven Dependency

        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk15to18</artifactId>
            <version>1.64</version>
        </dependency>
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bctls-jdk15to18</artifactId>
            <version>1.64</version>
        </dependency>
    
    • Add security provider as BC

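        import java.security.Security;
        import org.bouncycastle.jce.provider.BouncyCastleProvider;
        import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

        // Add each provider only if it is not already registered in the JVM.
        // BC (JCE) goes to position 1 and BCJSSE (TLS) to position 2.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.insertProviderAt(new BouncyCastleProvider(), 1);
        }
        if (Security.getProvider(BouncyCastleJsseProvider.PROVIDER_NAME) == null) {
            Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);
        }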
      

    Alternatively you can update JRE/lib/security/java.security

    security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
    security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
    security.provider.3=sun.security.provider.Sun
    security.provider.4=sun.security.rsa.SunRsaSign
    security.provider.5=com.sun.net.ssl.internal.ssl.Provider
    security.provider.6=com.sun.crypto.provider.SunJCE
    security.provider.7=sun.security.jgss.SunProvider
    security.provider.8=com.sun.security.sasl.Provider
    

    The BC libraries need to be on top (1 & 2).

    • Initialize SSL context with TLS1.2

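        import javax.net.ssl.SSLContext;

        // null arguments select the default key managers, trust managers and SecureRandom
        SSLContext tls = SSLContext.getInstance("TLSv1.2");
        tls.init(null, null, null);
        SSLContext.setDefault(tls);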
      

    Testing

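        import java.io.IOException;
        import java.net.URL;
        import javax.net.ssl.HttpsURLConnection;
        import org.apache.commons.io.IOUtils; // Apache Commons IO

        HttpsURLConnection urlConnection = null;
        int code = -1;      // HTTP status code, if one was received
        String message;     // HTTP reason phrase or exception text

        try {

            URL url = new URL("https://www.nist.gov/");
            urlConnection = (HttpsURLConnection) url.openConnection();

            // Reading the body triggers the TLS handshake and the HTTP request
            String data = IOUtils.toString(urlConnection.getInputStream(), "UTF-8");
            System.out.println(data);

        } catch (IOException ex) {
            ex.printStackTrace();
            try {
                if (urlConnection != null) {
                    // These calls throw again if the connection itself failed
                    code = urlConnection.getResponseCode();
                    message = urlConnection.getResponseMessage();
                } else {
                    message = ex.toString();
                }
            } catch (IOException ex2) {
                message = ex2.toString();
            }

            System.out.println("Response : " + message);
        } finally {
            if (urlConnection != null) {
                urlConnection.disconnect();
            }
        }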
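
To confirm that the provider ordering described above took effect, the following added example (not part of the original answer) lists the registered providers and checks which one actually serves the `TLSv1.2` context. The class name `TlsProviderAudit` and the fail-fast check are assumptions made here; apart from the two BC provider classes shown in the answer, it uses only APIs available in Java 6.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

// Hypothetical diagnostic class (added example): which provider serves TLSv1.2?
public class TlsProviderAudit {
    // Same registration as in the answer: BC at position 1, BCJSSE at position 2.
    static void registerBouncyCastle() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.insertProviderAt(new BouncyCastleProvider(), 1);
        }
        if (Security.getProvider(BouncyCastleJsseProvider.PROVIDER_NAME) == null) {
            Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);
        }
    }

    // First provider, in preference order, that offers an SSLContext named TLSv1.2.
    static String firstTls12Provider() {
        for (Provider p : Security.getProviders()) {
            if (p.getService("SSLContext", "TLSv1.2") != null) {
                return p.getName();
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        registerBouncyCastle();
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println((i + 1) + ". " + providers[i].getName());
        }
        System.out.println("First TLSv1.2 provider: " + firstTls12Provider());
        SSLContext tls = SSLContext.getInstance("TLSv1.2");
        tls.init(null, null, null);
        String serving = tls.getProvider().getName();
        // Assumption of this example: fail fast if another provider answered.
        if (!BouncyCastleJsseProvider.PROVIDER_NAME.equals(serving)) {
            throw new IllegalStateException("TLSv1.2 context served by " + serving);
        }
        SSLParameters enabled = tls.getDefaultSSLParameters();
        System.out.println("Enabled protocols: " + Arrays.toString(enabled.getProtocols()));
        System.out.println("Enabled suites: " + Arrays.toString(enabled.getCipherSuites()));
    }
}
```

Run it on the target JVM with the same classpath and `java.security` file as the application, since the provider order can differ between the two registration methods the answer describes.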