
DevTest defaults to using TLS1.2 and I need to override this


Article ID: 41413


Updated On:

Products

CA Application Test
CA Continuous Application Insight (PathFinder)

Issue/Introduction

DevTest version defaults to TLS version 1.2. Our application requires TLS version 1.x even though it successfully negotiates version 1.2. How may we override this?

 

Cause

Starting with Java SE version 8, all TLS connections default to TLS 1.2. This is imposed upon DevTest by the Java version in use and is not affected by any changes that can be made to DevTest.

Environment

Release:
Component: ITKOTF

Resolution

Although this issue cannot be resolved by changes to DevTest, it is possible to alter the Java security settings to restrict the TLS versions in use. The following changes are made to the JRE in use and cannot be made on a per-test or per-service basis.

DevTest is bundled with a JRE (Java Runtime Environment), which is installed in the jre directory under the DevTest installation root directory. From the jre folder, navigate to the lib folder and then to the folder named security.

DevTest Installation Directory
└── jre
    └── lib
        └── security

Within this folder is a file named java.security. Open it with a text editor and locate the line beginning "jdk.tls.disabledAlgorithms=". Unless it has been previously altered, this line will read

jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768

which means that SSLv3, RC4 and Diffie-Hellman keys of less than 768 bits are disabled.

To prevent TLS 1.2 being used, modify this line to read

jdk.tls.disabledAlgorithms=SSLv3, TLSv1.2, RC4, DH keySize < 768

To prevent both TLS 1.1 and TLS 1.2, modify it to read

jdk.tls.disabledAlgorithms=SSLv3, TLSv1.1, TLSv1.2, RC4, DH keySize < 768

And so on.
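
To confirm which protocol versions an edited java.security file actually disables, the file can be parsed and the effective jdk.tls.disabledAlgorithms value reported. The Python check below is an added example, not part of the original article or of DevTest; its function names and the sample file text are constructed for illustration, and it assumes key=value lines as shown above.

```python
"""Report which TLS versions a java.security file disables."""
PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
KEY = "jdk.tls.disabledAlgorithms"

# Constructed sample text, not a real java.security file.
SAMPLE = """\
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
# a second definition, wrapped with a trailing backslash
jdk.tls.disabledAlgorithms=SSLv3, TLSv1.1, TLSv1.2, \\
    RC4, DH keySize < 768
"""

def read_property(text, key=KEY):
    """Return the effective value of key, or None if it is never set.

    Follows the .properties rules that matter here: '#' and '!' comment
    lines, backslash line continuations, and the last definition winning.
    Assumes 'key=value' lines, the form java.security uses.
    """
    value, pending = None, ""
    for raw in text.splitlines() + [""]:  # trailing "" flushes a dangling continuation
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        logical, pending = pending + line, ""
        name, sep, rest = logical.partition("=")
        if sep and name.strip() == key:
            value = rest.strip()
    return value

def audit(text):
    """Summarise the protocol entries in jdk.tls.disabledAlgorithms."""
    value = read_property(text)
    # Entries are compared case-insensitively here so that a differently
    # cased spelling is still reported.
    entries = {e.strip().lower() for e in (value or "").split(",")}
    disabled = [p for p in PROTOCOLS if p.lower() in entries]
    return {"value": value, "disabled": disabled,
            "not_disabled": [p for p in PROTOCOLS if p not in disabled]}

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print(audit(text))
```

Pass the path to java.security as the first argument to check a real file. The not_disabled list only names versions absent from the property; whether the JRE supports each of them depends on its release.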

Note

If you have elected to use a JRE other than the one supplied with DevTest, then the above changes will need to be made within that JRE; the file paths will be relative to that JRE.

Additional Information

https://blogs.oracle.com/java-platform-group/entry/java_8_will_use_tls