Monday, 27 January 2025

Configuring JAVA 6 to use TLS version 2 (TLSv2)

How to use TLSv2 with JAVA 6? Can JAVA 6 run TLSv2 or higher versions?

Yes, JAVA 6 supports encryption up to TLSv2 version.

This case might not be relevant to most people, but there are still some legacy applications running on JAVA 6, and you might need to implement SSL for such an application for security reasons. Free JAVA 6 supports ciphers up to TLS version 1 but not beyond it. Oracle has provided compatibility with TLS v2 in its latest updates (you can refer to the Oracle article here to learn about it), but the problem is that you'll need to buy a JAVA license to use that feature officially.

Use Case:

How to set up TLS v2 with JAVA 6 without any cost? Chrome's latest update doesn't allow websites using TLS version 1 or lower.

You can still access TLS v1 sites with Internet Explorer or Mozilla Firefox, but Chrome is the most comfortable and most used browser in my opinion, not gonna lie.

Solution:

Without stretching this post further, let's talk about the solution in this case.

Thanks to Bouncy Castle, we now have a way to set up TLS v2 with JAVA 6. And the best thing is that it's open source, so there is no additional license cost to pay.


Please follow the instructions below to set it up. In my case, I used JAVA 6 update 45, which is the last allowed free version in the JAVA 6 series, I guess.

1) Download the Bouncy Castle JAR files needed for this setup from here

I'll also provide the direct links for the versions I used with my JAVA 6 version, which were bcprov-jdk15to18-1.71.jar, bctls-jdk15to18-1.71.jar & bcutil-jdk15to18-1.71.jar

Note: With the 1st link you can choose different types of bundles and packages for different libraries. Of course, you should explore the documentation for the other available functionality. This article strictly talks about TLS v2 implementation only.

2) Once downloaded, please copy the JAR files to,

$JAVA_HOME/jre/lib/ext in Linux
OR 
%JAVA_HOME%\jre\lib\ext in Windows

3) Then open $JAVA_HOME/jre/lib/security/java.security. Save a copy of java.security first, as we are going to modify it. Once the copy is secured, edit the file and make the amendments shown below,

# Comment all the below shown lines
# security.provider.1=sun.security.provider.Sun
# security.provider.2=sun.security.rsa.SunRsaSign
# security.provider.3=com.sun.net.ssl.internal.ssl.Provider
# security.provider.4=com.sun.crypto.provider.SunJCE
# security.provider.5=sun.security.jgss.SunProvider
# security.provider.6=com.sun.security.sasl.Provider
# security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
# security.provider.8=sun.security.smartcardio.SunPCSC

# Add the below entries and set their priority to highest.
security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
    
# Updated the earlier commented lines with new revised priorities
security.provider.3=sun.security.provider.Sun
security.provider.4=sun.security.rsa.SunRsaSign
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC

# Modified the default SSLSocketFactory implementation
ssl.SocketFactory.provider=org.bouncycastle.jsse.provider.SSLSocketFactoryImpl

4) That's it. Now your JAVA 6 environment is ready to use TLSv2 for any application or web server.
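
To confirm that steps 2 and 3 took effect, the check below can be compiled and run with the same JAVA 6 installation. It is an added example, not part of the original post or of Bouncy Castle: the class name TlsProviderCheck is hypothetical, and it assumes that "TLSv2" in this post corresponds to the JSSE protocol name TLSv1.2 and that the two Bouncy Castle providers register under the names BC and BCJSSE.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;

// Added example (hypothetical class name). Java 6 syntax only.
// Assumption: the post's "TLSv2" is the JSSE protocol name "TLSv1.2".
public class TlsProviderCheck {

    // True when the provider registered at the 1-based position has this name.
    static boolean providerAt(int position, String name) {
        Provider[] all = Security.getProviders();
        return all.length >= position && name.equals(all[position - 1].getName());
    }

    // Prints one result line and passes the result through.
    static boolean report(String what, boolean ok) {
        System.out.println((ok ? "[ OK ] " : "[FAIL] ") + what);
        return ok;
    }

    public static void main(String[] args) {
        boolean ok = true;
        // Step 3: the Bouncy Castle providers must hold priorities 1 and 2.
        ok &= report("provider 1 is BC", providerAt(1, "BC"));
        ok &= report("provider 2 is BCJSSE", providerAt(2, "BCJSSE"));
        // Step 3: the default SSLSocketFactory override from java.security.
        String factory = Security.getProperty("ssl.SocketFactory.provider");
        ok &= report("ssl.SocketFactory.provider = " + factory,
                "org.bouncycastle.jsse.provider.SSLSocketFactoryImpl".equals(factory));
        try {
            // Throws NoSuchAlgorithmException when no installed provider offers TLSv1.2.
            SSLContext ctx = SSLContext.getInstance("TLSv1.2");
            ctx.init(null, null, null); // default key managers, trust managers, randomness
            ok &= report("TLSv1.2 context served by " + ctx.getProvider().getName(),
                    "BCJSSE".equals(ctx.getProvider().getName()));
            String[] protocols = ctx.getSupportedSSLParameters().getProtocols();
            ok &= report("supported protocols " + Arrays.toString(protocols),
                    Arrays.asList(protocols).contains("TLSv1.2"));
        } catch (Throwable t) {
            // Throwable, so a NoClassDefFoundError from a missing jar is reported too.
            ok = report("TLSv1.2 context: " + t, false);
        }
        System.exit(ok ? 0 : 1);
    }
}
```

Compile it with javac and run it with the java binary of the installation you modified; a non-zero exit status means at least one check failed.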

Important:

Please make sure to download all 3 JARs as shown for this 1.71 version. The Bouncy Castle file structure has changed, and some dependencies now live in the "bcutil" bundle. Many articles on the web will just ask you to download the "bcprov" and "bctls" bundles because the file structure was different earlier. But now you must download and use all 3 JARs mentioned above to avoid missing class "\org\bouncycastle\asn1\eac\EACObjectIdentifiers" errors.

I hope this helps !!
