I have a Java client that connects to an HTTPS server. That server can use any of TLS1_1 TLS1_2 TLS1_3.
With default java.security settings:
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
My client fails miserably with:
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites
are inappropriate)
Which I understand as "I don't have implementation for anything that is allowed".
When I comment out jdk.tls.disabledAlgorithms:
#jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
My client fails less miserably, but fails anyway due to the server not willing to talk over TLS1:
Produced ClientHello handshake message (
"ClientHello": {
"client version" : "TLSv1",
...
Received alert message (
"Alert": {
"level" : "fatal",
"description": "protocol_version"
}
..
Fatal (PROTOCOL_VERSION): Received
fatal alert: protocol_version (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version
I am using OpenJDK 17 on Red Hat Enterprise Server 8.7. My Java client uses Jersey REST client.
Why does my Java client not want to start handshake with higher TLS versions?