DevTest defaults to using TLS1.2 and I need to override this
search cancel

DevTest defaults to using TLS1.2 and I need to override this


Article ID: 41413


Updated On:


CA Application Test CA Continuous Application Insight (PathFinder)


DevTest version defaults to TLS version 1.2. Our application requires TLS version 1.x even though  it successfully negotiates version 1.2. How may we override this?



Component: ITKOTF


Starting with Java SE version 8, all TLS connections default to TLS 1.2. This is imposed upon DevTest by the Java version in use and is not affected by any changes that can be made to DevTest.


Although this issue cannot be resolved by changes to DevTest it is possible to alter the Java security settings to restrict the TLS versions in use. The following changes will be made to the JRE in use and cannot be made on a per-test or per-service basis.

DevTest is bundled with a JRE (Java Runtime Environment) which is installed in the jre directory under the DevTest installation root directory. From the jre folder, navigate to the lib folder and then to the folder names security

DevTest Installation Directory 

Within this folder is a file named - this should be opened with a text editor and the line beginning "jdk.tls.disabledAlgorithms=" located. Unless it has been previously altered this line will read

jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768

and implies SSLv3, R4 and Diffie-Hellman keys of less than 768 bits are disabled. 

To prevent TLS 1.2 being used, modify this line to read

jdk.tls.disabledAlgorithms=SSLv3, TLSv1.2, RC4, DH keySize < 768

to prevent both TLS 1.1 and TLS 1.2,

jdk.tls.disabledAlgorithms=SSLv3, TLSV1.1, TLSv1.2, RC4, DH keySize < 768

And so on.


If you have elected to use another JRE than the one supplied with DevTest then the above changes will need to be made within that JRE - the file paths will be relative to that JRE.

Additional Information