如何在 Java 中设置 TLS1.2 版本 [英] How to set TLS1.2 version in Java
问题描述
环境详情:
java version "1.7.0_40"
Java(TM) SE Runtime Environment (build 1.7.0_40-b43)
Java HotSpot(TM) 64-Bit Server VM (build 24.0-b56, mixed mode).
我们正在使用 jboss-4.2.3.GA 和使用 ejb 的胖客户端.
We are using jboss-4.2.3.GA and thick client using ejb.
并且我们尝试通过以下方式设置 TLS1.2 版本:
And we have tried to set the TLS1.2 version in the following ways:
控制面板-->程序-->Java-->高级选项卡-->高级安全设置检查 TLS1.1 和 TLS1.2 并取消检查剩余的旧版本.但仍然在 Wireshark 软件中,我们看到客户端仅在 TLSV1 中与服务器通信.
Control Panel --> Programs-->Java-->Advanced Tab-->Advanced Security Settings checked the TLS1.1 and TLS1.2 and unchecked the remaining old versions. But still in Wire shark software we are seeing client is talking to server in TLSV1 only.
-Ddeployment.security.SSLv2Hello=false -Ddeployment.security.SSLv3=false -Ddeployment.security.TLSv1=false -Ddeployment.security.TLSv1.1=true -Ddeployment.security.TLSv1.2=真
在启动脚本中给出,但在 Wireshark 软件中,我们看到客户端仅在 TLSV1 中与服务器通信.
Given in the startup script, but in Wire shark software we are seeing client is talking to server in TLSV1 only.
参考链接:https://superuser.com/questions/747377/enable-tls-1-1-and-1-2-for-clients-on-java-7
jdk.tls.disabledAlgorithms= SSLv2Hello, SSLv3, TLSv1, TLSv1.1
在jre/lib/security/java.security 和jdk1.7.0_40/jre/lib/security/java.security 中.但仍然在 Wireshark 软件中,我们看到客户端仅在 TLSV1 中与服务器通信.
in the jre/lib/security/java.security and jdk1.7.0_40/jre/lib/security/java.security. But still in Wire shark software we are seeing client is talking to server in TLSV1 only.
参考链接:如何强制java服务器只接受tls 1.2并拒绝tls 1.0和tls 1.1连接
谁能告诉我们如何为客户端和服务器强制执行 TLS1.2 版本.
Can somebody tell us how enforce TLS1.2 version for both client and server.
推荐答案
我正在使用 Java 命令应用程序并且遇到了类似的问题.
I am working with a Java command application and had a similar issue.
来自 Oracle,java 7 默认使用 TLSv1,java 8 默认使用 TLSv1.2
From Oracle, java 7 default using TLSv1, java 8 default using TLSv1.2
在我尝试使用 JRE8 的应用程序后,应用程序开始自动使用 TLSv1.2.这是我的 Java 信息:
After I try to the application using JRE8, the application starts to use TLSv1.2 automatically. Here is my java info:
java version "1.8.0_92"
Java(TM) SE Runtime Environment (build 1.8.0_92-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.92-b14, mixed mode)
我继续搜索如何使用 Java8 配置运行时 TLS 版本,我尝试了您的第一种、第二种方式(还包括 -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2)并没有真正改变.
I continued to search how I can configure what runtime TLS version with Java8, I tried your 1st,2nd way (also including -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2) and nothing really changed.
我可以在使用 java8 的第三种方式时看到运行时更改:jdk.tls.disabledAlgorithms= SSLv2Hello, SSLv3, TLSv1, TLSv1.1.我无法使用 java7 使其工作.不确定这是否与您遇到的问题相同.您是否修改了运行应用程序的正确 JRE 配置?或者您是否可以升级到 java 8 并重试?
I am able to see runtime changes when using your 3rd way for java8: jdk.tls.disabledAlgorithms= SSLv2Hello, SSLv3, TLSv1, TLSv1.1. I am not able to make it work using java7. Not sure if this is the same issue you have. Did you modify the correct JRE configuration your application is running on? Or if you could upgrade to java 8 and try again?
Oracle 需要提供更好的文档,祝你好运!
Oracle needs to provide better documentation, good luck!
这篇关于如何在 Java 中设置 TLS1.2 版本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
