Enable JDK1.7 to connect to a TLSv1.2 service

Mohammed Hewedy
Apr 3, 2024

If you are unlucky enough to work on an old Java codebase that uses JDK 1.7 and need to call a service that only accepts TLSv1.2, then this post comes to the rescue.

By default, JDK 1.7 doesn’t provide support for TLS v1.2, and even when you enable it, the cipher suite offered by the service, e.g. ECDHE-RSA-AES128-GCM-SHA256, might not be supported at all by the JDK.

This was exactly my case until I asked ChatGPT about it:

“Okay, since jdk1.7 doesn’t support that cipher suite, do you think such support can be provided by an external dependency?”

And the answer was yes, you might find the answer in BouncyCastle!

Code time

First, here are the Maven dependencies (you might need to upgrade them to avoid security issues):

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.70</version>
</dependency>
<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bctls-jdk15on</artifactId>
    <version>1.70</version>
</dependency>

Here’s the Java code: (use the code at your own risk)

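import java.net.URL;
import java.security.SecureRandom;
import java.security.Security;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

HttpsURLConnection con = (HttpsURLConnection) new URL(url).openConnection();

// Register the BouncyCastle JCE provider
Security.addProvider(new BouncyCastleProvider());
System.setProperty("org.bouncycastle.jsse.client.assumeOriginalHostName", "true");

// Build the TLS context from BouncyCastle's JSSE provider instead of the JDK's
SSLContext sslContext = SSLContext.getInstance("TLS", new BouncyCastleJsseProvider());
// NOTE: this trust manager accepts every certificate chain, so the server is not authenticated
sslContext.init(null, new TrustManager[]{new X509TrustManager() {
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        // The interface contract requires a non-null (possibly empty) array
        return new java.security.cert.X509Certificate[0];
    }

    public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
    }

    public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
    }
}}, new SecureRandom());
con.setSSLSocketFactory(sslContext.getSocketFactory());

// now you can use the con variable against https tlsv1.2 services to post/get data etc...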
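A variant of the snippet above that keeps BouncyCastle for the TLSv1.2 handshake but validates the server's certificate chain against the JRE's default trust store instead of accepting any certificate. This is an added example, not the author's code; the class name `BcTlsClient` and the method `open` are hypothetical, and it assumes the same BouncyCastle 1.70 artifacts listed earlier.

```java
import java.net.URL;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

// Hypothetical helper class (not from the original post)
public class BcTlsClient {

    // Opens a connection that uses BouncyCastle for TLS but still validates the server chain.
    public static HttpsURLConnection open(String url) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        System.setProperty("org.bouncycastle.jsse.client.assumeOriginalHostName", "true");

        BouncyCastleJsseProvider jsse = new BouncyCastleJsseProvider();

        // A null KeyStore makes the factory load the default trust store
        // (javax.net.ssl.trustStore if set, otherwise the JRE's cacerts).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", jsse);
        tmf.init((KeyStore) null);

        SSLContext sslContext = SSLContext.getInstance("TLS", jsse);
        // Real trust managers: an untrusted or expired chain fails the handshake.
        sslContext.init(null, tmf.getTrustManagers(), new SecureRandom());

        HttpsURLConnection con = (HttpsURLConnection) new URL(url).openConnection();
        con.setSSLSocketFactory(sslContext.getSocketFactory());
        return con;
    }

    public static void main(String[] args) throws Exception {
        // args[0] is the https URL of the TLSv1.2 service
        HttpsURLConnection con = open(args[0]);
        System.out.println(con.getResponseCode() + " " + con.getCipherSuite());
    }
}
```

If the service's issuing CA is missing from an old JDK 1.7 `cacerts` file, load a `KeyStore` containing that CA certificate and pass it to `tmf.init` instead of `null`.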

That's it. Thanks!