torsdag den 1. september 2016

Diagnosing SSL errors and enabling TLS 1.2 on Java 7

SSL errors in Java can be tricky to debug if the only thing you got is a stacktrace. However, there is a way to get for information out of the JVM. Enabling the JVM property javax.net.debug will print a lot of debug information. E.g. the version of the SSL/TLS protocol used:

-Djavax.net.debug=all

The default version of TLS on Java 7 is TLS 1.0. The version can changed by using the https.protocols property:

-Dhttps.protocols=TLSv1.2

References

https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https
http://superuser.com/questions/747377/enable-tls-1-1-and-1-2-for-clients-on-java-7