How to switch between TLS 1.0 and SSL 3.0 at Java/JRE level?
Disclaimer: from my point of view it is not a good idea to donwgrade the connection protocol to SSLv3 unless you have a device which does not support TLS.
If you really need it you can force the tomcat connector to use the SSLv3 protocol. In the connector XML configuration:
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector protocol="HTTP/1.1" port="8443" ... sslProtocol="SSLv3"/>
the sslProtocol attribute accepts the SSLContext algorithm names defined in the Java documentation. The default value is TLS.
The HTTP connector documentation is also available here : http://tomcat.apache.org/tomcat-7.0-doc/config/http.html
UPDATE
It seems possible to specify the authorized protocols for SSL and TLS with the java system property https.protocols (see here). You can launch your application with
java -Dhttps.protocols="SSLv3" ... -jar myapp.jar
Related videos on Youtube
05 : 04
02 : 37
04 : 22
01 : 08
03 : 15
08 : 13
01 : 48
Anita
Updated on September 18, 2022Comments
-
Anita almost 2 years
I am using
java 1.6.I have setup my tomcat as mysslenabled server. And i have setup a ssl enabled client (java code). When i do a communication from my client to server. In java ssl dump in tomcat logs, I always seeTLSv1picked as SSL protocol version by both my client and server. Is there a way i can switch betweenSSLv3andTLSv1protocols for secure connection? How can i make a client server communication usingSSLv3?Thanks in advance!
-
OrangeDog over 9 yearsBut SSLv3 is less secure than TLS
-
ravi yarlagadda over 9 yearsDo you control the client application's code? This isn't possible in the exact way you're asking, which seems to be that you'll only accept a way that takes TLSv1 completely out of the JVM. Please clarify what you're attempting to achieve, and why a different method to get the same solution isn't acceptable.
-
Jonesome Reinstate Monica over 9 yearsThe poster needs to simulate an app or env that is stuck on ssl3. This is a commom need to see how legacy systems behave with and without ssl3 available. -
Anita over 9 years@ShaneMadden, if i will have to change client code. What exactly do i to change in the code? I am trying to setEnableProtocols in SSLSocket with sslv3 only where in it is actually has sslv3 and tlsv1 values.
-
ravi yarlagadda over 9 years@Anita So you're making a function call that's setting just SSLv3 active but it's still using TLSv1? Can you update your question with what you're doing and what you're seeing that indicates it's not working?
-
-
Admin over 9 yearsThanks for the suggestion @Jcs. My requirement is to change the protocol to ssl v3 or tls v1 at java/jre level. Not at tomcat level. Because, tomorrow i may have to do the same for any web server as well. -
Admin over 9 yearsWhen you say "at java/jre level" you mean globally for a JVM (for instance with a environment or JVM variable) or in a programmatic way (i.e. the java code which create a SSLv3 SSLSocketFactory) ?
-
Admin over 9 yearsyes, i have to do it globally for JVM. I tried to disable TLS v1 under java control panel. But, no luck. Still SSL communication between client and server is using TLS v1 by default.
-
Admin over 9 yearsFYI for just trying purpose, i tried to add sslProtocol="SSLv3" in my tomcat's server.xml's Connector tag and restarted my tomcat server. But, still SSL communication between client and server is using TLS v1 :(
-
Admin over 9 yearsI update the post with another solution using
https.protocolsystem property. But I did not tried it. -
Admin over 9 yearsI have added this java -Dhttps.protocols="SSLv3" in java system properties. But, no luck :(
-
Brian Knoblauch over 9 yearsI can't think of any way to do it globally for the entire JVM. Individual applications (either a Java app itself, or Java container such as Tomcat) are free to select with protocols they will or will not support (with the exception of ones that are eventually removed from the JVM completely).
