Problem with Java 7 JSSE TLS 1.2


Murray, Thomas - 3

I have an existing Java 7 application using SSL Sockets to a black box.  The black box was recently upgraded and now only supports TLS 1.2 and 3 specific GCM ciphers.  I am unable to upgrade to Java 8 or later, which contains the GCM ciphers.  Since Java 7 does not support the required GCM ciphers, I placed the bcprov-ext-jdk15on-159.jar and bctls-jdk15on-159.jar in the jre/lib/ext, and also modified the java.security file.  After doing so, everything worked as expected.  However, our infrastructure team stated we are not allowed to modify the baseline JVM installed on the servers.  As a result, I tried programmatically, by adding the security provider:

Security.insertProviderAt(new BouncyCastleProvider(), 1);
Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);

I also modified the SSLContext initialization with:

SSLContext sslContext = SSLContext.getInstance("TLSv1.2",BouncyCastleJsseProvider.PROVIDER_NAME);

After doing so, I cannot get the SSL socket to initialize.  I get a handshake_failure(40) alert error. I verified the GCM ciphers are enabled prior to using the socket.  Are there other steps I need to take programmatically?

Thanks
Tom.

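A diagnostic sketch for the setup described in the post, added here as an example and not code from the original message or from the Bouncy Castle project. It registers both providers at runtime, confirms that the context and socket factory are backed by BCJSSE, and attempts a TLS 1.2 handshake restricted to GCM suites. The class name `BcJsseCheck`, the host and port arguments, and the `_GCM_` name filter (the post does not name its three suites) are assumptions.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

// Hypothetical diagnostic class; host and port are placeholders passed as arguments.
public class BcJsseCheck {
    public static void main(String[] args) throws Exception {
        // Register at runtime only if absent, so the baseline java.security stays untouched.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.insertProviderAt(new BouncyCastleProvider(), 1);
        }
        if (Security.getProvider(BouncyCastleJsseProvider.PROVIDER_NAME) == null) {
            Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);
        }
        for (Provider p : Security.getProviders()) {
            System.out.println("provider: " + p.getName() + " " + p.getVersion());
        }

        SSLContext ctx = SSLContext.getInstance("TLSv1.2", BouncyCastleJsseProvider.PROVIDER_NAME);
        ctx.init(null, null, null); // default key/trust managers; pass your own if the peer needs them
        System.out.println("context provider: " + ctx.getProvider().getName());

        // The factory must come from this context; SSLSocketFactory.getDefault() is not tied to it.
        SSLSocketFactory factory = ctx.getSocketFactory();
        List<String> gcm = new ArrayList<String>();
        for (String suite : factory.getSupportedCipherSuites()) {
            if (suite.contains("_GCM_")) gcm.add(suite);
        }
        if (gcm.isEmpty()) throw new IllegalStateException("no GCM suites offered by " + ctx.getProvider());

        SSLSocket socket = (SSLSocket) factory.createSocket(args[0], Integer.parseInt(args[1]));
        try {
            socket.setEnabledProtocols(new String[] {"TLSv1.2"});
            socket.setEnabledCipherSuites(gcm.toArray(new String[0]));
            socket.startHandshake();
            System.out.println("negotiated: " + socket.getSession().getProtocol()
                    + " " + socket.getSession().getCipherSuite());
        } finally {
            socket.close();
        }
    }
}
```

Run it with bcprov-ext-jdk15on-159.jar and bctls-jdk15on-159.jar on the application classpath rather than in jre/lib/ext, so the baseline JVM is not modified.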