Showing posts from May, 2015

Use TLSv1.2 and deactivate TLSv1 and TLSv1.1

Recently, I got into a situation where my customer's web service deactivated the TLSv1 and TLSv1.1 protocols. Eventually, my application client that used to interact with the server started receiving the error below during the handshake:

    javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

After analysis, I found out that my application runs on JDK 1.5, which only supports TLSv1. To replicate this scenario, I deployed the web service in Tomcat and configured Tomcat to accept only the TLSv1.2 protocol. This can be done by changing server.xml as follows:

    <Connector ... SSLEnabled="true" sslProtocols="TLSv1.2" sslEnabledProtocols="TLSv1.2" />

Please note that whether to use the sslProtocols or the sslEnabledProtocols attribute depends on the Tomcat version.

Now when I ran my usual client application, it received a handshake failure, as the client sent its Hello with TLSv1, while my server was not ready to accept it...
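To confirm this kind of mismatch from the client side, the following diagnostic (an added example, not code from the original post) prints which protocol versions the running JVM supports and enables, then attempts one handshake per version against a server. The class name `TlsProbe` and the host and port arguments are assumptions; the code avoids newer language features so that it also compiles on old JDKs such as the one described above.

```java
import java.io.IOException;
import java.util.Arrays;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added diagnostic example. Usage: java TlsProbe <host> <port>
public class TlsProbe {
    // The protocol versions discussed in the post.
    static final String[] VERSIONS = {"TLSv1", "TLSv1.1", "TLSv1.2"};

    public static void main(String[] args) throws IOException {
        if (args.length != 2) {
            System.err.println("usage: java TlsProbe <host> <port>");
            return;
        }
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();

        // What this JVM can speak at all, and what it offers by default.
        SSLSocket local = (SSLSocket) factory.createSocket();
        System.out.println("supported: " + Arrays.asList(local.getSupportedProtocols()));
        System.out.println("enabled:   " + Arrays.asList(local.getEnabledProtocols()));
        local.close();

        for (String version : VERSIONS) {
            System.out.println(version + ": " + tryHandshake(factory, host, port, version));
        }
    }

    // Offers exactly one protocol version in the ClientHello and reports the outcome.
    static String tryHandshake(SSLSocketFactory factory, String host, int port,
                               String version) throws IOException {
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            socket.setSoTimeout(5000);
            // Throws IllegalArgumentException when the JVM has no implementation
            // of the requested version (TLSv1.2 on JDK 1.5, for example).
            socket.setEnabledProtocols(new String[] {version});
            socket.startHandshake();
            return "handshake ok, negotiated " + socket.getSession().getProtocol();
        } catch (IllegalArgumentException e) {
            return "not supported by this JVM";
        } catch (IOException e) {
            // Includes handshake_failure alerts and certificate trust errors.
            return "handshake failed (" + e.getMessage() + ")";
        } finally {
            socket.close();
        }
    }
}
```

If every version fails with a certificate error rather than a protocol alert, the server certificate is not trusted by the JVM's default trust store, which is a separate issue from the protocol mismatch.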