
I know that there has been a question asked about enabling TLS 1.2 in Java 6, but I have not found a proper solution.

I have also tried with a BouncyCastle provider, but no luck there...

I have managed to get it to work, following some other site's help with the code:

```java
package testTLS12;

import java.io.IOException;
import java.io.InputStream;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.security.SecureRandom;

import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.DefaultTlsClient;
import org.bouncycastle.tls.TlsAuthentication;
import org.bouncycastle.tls.TlsClientProtocol;
import org.bouncycastle.tls.TlsCredentials;
import org.bouncycastle.tls.TlsServerCertificate;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;

public class TestHttpClient {

    public static void main(String[] args) throws Exception {

        SecureRandom secureRandom = new SecureRandom();
        // Plain TCP socket; the TLS handshake is done by Bouncy Castle on top of its streams.
        Socket socket = new Socket(InetAddress.getByName("tls-v1-2.badssl.com"), 1012);
        TlsClientProtocol protocol = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream());
        TlsCrypto crypto = new BcTlsCrypto(secureRandom);
        DefaultTlsClient client = new DefaultTlsClient(crypto) {
            public TlsAuthentication getAuthentication() throws IOException {
                return new TlsAuthentication() {
                    @Override
                    public TlsCredentials getClientCredentials(CertificateRequest var1) throws IOException {
                        // No client certificate is offered.
                        return null;
                    }

                    @Override
                    public void notifyServerCertificate(TlsServerCertificate var1) throws IOException {
                        // Empty body: the server certificate is accepted without any validation.
                    }
                };
            }
        };
        protocol.connect(client);

        OutputStream output = protocol.getOutputStream();
        output.write("GET / HTTP/1.1\r\n".getBytes("UTF-8"));
        // The Host header names the server the socket is connected to.
        output.write("Host: tls-v1-2.badssl.com:1012\r\n".getBytes("UTF-8"));
        output.write("Connection: close\r\n".getBytes("UTF-8")); // So the server will close socket immediately.
        output.write("\r\n".getBytes("UTF-8")); // HTTP1.1 requirement: last line must be empty line.
        output.flush();

        InputStream input = protocol.getInputStream();
        BufferedReader reader = new BufferedReader(new InputStreamReader(input));
        String line;
        while ((line = reader.readLine()) != null)
        {
            System.out.println(line);
        }

        socket.close();
    }
}
```

But it is custom socket manipulation, etc. I am not able to enable TLS 1.2 for the whole JRE, meaning that every library like JSoup or similar that uses SSLSocketFactory should also be able to use TLS 1.2.

Using a "paid" version of the JRE is not an option. By paid version I mean everything over Java 6u45. https://www.oracle.com/java/technologies/oracle-java-archive-downloads.html - Current update releases for JDK 6 and JDK 7 are available for support customers.

Upgrading to Java 8 is also not an option.

I have tried the class TSLSocketConnectionFactory from How to use TLS 1.2 in Java 6, but no luck...

Has anyone managed to get working code?

Mr. P
  • Does this answer your question? [How to use TLS 1.2 in Java 6](https://stackoverflow.com/questions/33364100/how-to-use-tls-1-2-in-java-6) – lalo Mar 06 '20 at 14:18
  • Nope. I have stated that "paid" JRE is not an option - Java6 last "free" version is 45. The mentioned 111 or 121 is "paid". Second comment also does not work - I have set this `TSLSocketConnectionFactory` as default handler: `HttpsURLConnectionImpl.setDefaultSSLSocketFactory(new TSLSocketConnectionFactory());` but still no luck... – Mr. P Mar 06 '20 at 16:23
  • Maybe https://stackoverflow.com/a/33375677/2804966 – lalo Mar 06 '20 at 16:39
  • Try [create an SSLContext instance using a Bouncy Castle provider](https://stackoverflow.com/a/44781379/1795426) or [this](https://stackoverflow.com/a/33122393/1795426) – user11153 Mar 06 '20 at 16:39
  • Is there some reason it has to be in Java 6? Java 6 was deprecated some time ago. The current long term service releases are Java 8 and Java 11.... and 8 is only supported until the end of this year. – Powerlord Mar 06 '20 at 17:00
  • @lalo, it is the same as https://stackoverflow.com/a/33495988/1727039 and it works only when I add it into connection `con.setSSLSocketFactory(new TSLSocketConnectionFactory());` or `HttpsURLConnection.setDefaultSSLSocketFactory(new TSLSocketConnectionFactory());` but then it works only when I manually use `url.openConnection()` and not by using some external library (like JSoup). Just to clarify, JSoup does not use any custom SSL handling, therefore I need some solution that adds TLS1.2 to global JRE settings. – Mr. P Mar 06 '20 at 17:59
  • @user11153, I guess that the first approach is ok but there seems to be some bug in BC: `Exception in thread "main" java.lang.NoSuchMethodError: org.bouncycastle.asn1.ASN1ObjectIdentifier.equals(Lorg/bouncycastle/asn1/ASN1Primitive;)Z at org.bouncycastle.tls.crypto.impl.RSAUtil.supportsPKCS1(Unknown Source) at org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCertificate.supportsRSA_PKCS1(Unknown Source)` The second link is the same I have put in the question content ;) – Mr. P Mar 06 '20 at 18:03
  • @Powerlord, unfortunately the project I am in is still at Java 6 and there is no plan to upgrade it, so yes - it has to be Java 6. – Mr. P Oct 14 '20 at 09:31
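
The `TlsAuthentication` in the question's code has an empty `notifyServerCertificate`, so the client completes the handshake with whatever certificate the server presents. The following is an added example, not part of the original post or of Bouncy Castle: a `TlsAuthentication` that checks the chain against the JRE's default trust store. The class name `ValidatingTlsAuthentication` and the `"RSA"` auth type are assumptions, and the check covers the chain only, not the host name.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.tls.AlertDescription;
import org.bouncycastle.tls.CertificateRequest;
import org.bouncycastle.tls.TlsAuthentication;
import org.bouncycastle.tls.TlsCredentials;
import org.bouncycastle.tls.TlsFatalAlert;
import org.bouncycastle.tls.TlsServerCertificate;
import org.bouncycastle.tls.crypto.TlsCertificate;

// Hypothetical class name (added example): rejects server chains the JRE trust store does not accept.
public class ValidatingTlsAuthentication implements TlsAuthentication {
    public TlsCredentials getClientCredentials(CertificateRequest request) {
        return null; // no client certificate, as in the question's code
    }

    public void notifyServerCertificate(TlsServerCertificate serverCertificate) throws IOException {
        try {
            TlsCertificate[] list = serverCertificate.getCertificate().getCertificateList();
            if (list.length == 0) throw new TlsFatalAlert(AlertDescription.bad_certificate);
            // Convert Bouncy Castle's certificate objects into JCA X509Certificate objects.
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate[] chain = new X509Certificate[list.length];
            for (int i = 0; i < list.length; i++) {
                chain[i] = (X509Certificate) cf.generateCertificate(
                        new ByteArrayInputStream(list[i].getEncoded()));
            }
            // A null KeyStore selects the JRE's default trust anchors (cacerts).
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init((KeyStore) null);
            for (TrustManager tm : tmf.getTrustManagers()) {
                if (tm instanceof X509TrustManager) {
                    // "RSA" is an assumed auth type; it must be a non-empty string.
                    ((X509TrustManager) tm).checkServerTrusted(chain, "RSA");
                    return; // chain validated
                }
            }
            throw new TlsFatalAlert(AlertDescription.internal_error); // no X.509 trust manager found
        } catch (GeneralSecurityException e) {
            // Untrusted, expired or malformed chain: abort the handshake.
            throw new TlsFatalAlert(AlertDescription.bad_certificate, e);
        }
    }
}
```

Returning `new ValidatingTlsAuthentication()` from `getAuthentication()` replaces the anonymous class in the question's code.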

0 Answers