如何使用 java 或 spring 库使 rest 服务仅使用 TLS V1.2？

Question

The service provider who is hosting a rest service is asking to communicate using TLS version 1.2 only. So now I need to make my application to communicate with that service using TLS v 1.2.

I know, in java8 we have an option of disabling the legacy version of TLS and SSL using the property jdk.tls.disabledAlgorithms=SSLv3, RC4 in java.security file.

But in a server there will be other process using the same java settings, so I'm worried like if I change for that property in java.security file, then it will be applicable to other services which are using the same settings.

Question: I would like to know if there is any other way to make my rest calls use only particular TLS version, through application code using java/spring libraries?

Answer 1

Create a SSLContext to use the required protocol:

SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(null, null, null);

If the client code or library uses HttpsURLConnection then you can set the default SSLSocketFactory for all the HTTS Connections:

HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());

Or at a per connection level:

HttpsURLConnection urlConnection = ....;
urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());
urlConnection.connect();

Different libraries may have different systems to provide the SSLSocketFactory or SSLContext . For example, if you are using JAX-RS, you can create a REST client that uses the SSLContext with:

Client client = ClientBuilder.newBuilder().sslContext(sslContext).build();