I am having trouble in calling services from Java 1.7 to Java 1.8. I will try to explain what I am doing.
Server 1 java version is 1.7.0_79 (unfortunately I can not change that). I am using Spring Rest Template to communicate. I understand that 1.7 uses TLS1 and Java 8 uses TLS1.2. I tried this communication with both sides on version 1.8 and I was able to communicate so I am sure certificate is fine.
I used the command to check the cipher being used by Server 2
$ openssl s_client -connect <server>:8443 -tls1_2
and got response
..... Long certificate chain
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: AC92BFBC090F4245271C10B9C5B968D1845278AE03714ED5806B4929DC3D0CC9
So in my opinion server is using these protocol and cipher. So if I use the same protocol and cipher, I should be able to communicate. To again make sure that this particular cipher is there, I asked my colleague to run following command on Server 2
openssl ciphers -v
and got following response
... lot of ciphers
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
So I am sure server supports ECDHE-RSA-AES128-GCM-SHA256 and I amde changes on my Rest Template's SSLConnectionSocketFactory
public SSLConnectionSocketFactory sslConnectionSocketFactory() throws Exception {
return new SSLConnectionSocketFactory(sslContext(),
new String[] {
"TLSv1.2"
},
new String[] {
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
},
NoopHostnameVerifier.INSTANCE);
}
But I am still getting error
"Unsupported ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
Could you please guide me in right direction? I have searched a lot but could not find solution. Thanks in advance.