DevTest version 9 and later default to TLS version 1.2. Our application requires TLS version 1.x even though it successfully negotiates version 1.2. How may we override this?
Starting with Java SE version 8, all TLS connections default to TLS 1.2. This is imposed upon DevTest by the Java version in use and is not affected by any changes that can be made to DevTest.
Although this issue cannot be resolved by changes to DevTest it is possible to alter the Java security settings to restrict the TLS versions in use. The following changes will be made to the JRE in use and cannot be made on a per-test or per-service basis.
DevTest is bundled with a JRE (Java Runtime Environment) which is installed in the jre directory under the DevTest installation root directory. From the jre folder, navigate to the lib folder and then to the folder names security
DevTest Installation Directory
Within this folder is a file named java.security - this should be opened with a text editor and the line beginning "
jdk.tls.disabledAlgorithms=" located. Unless it has been previously altered this line will read
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
and implies SSLv3, R4 and Diffie-Hellman keys of less than 768 bits are disabled.
To prevent TLS 1.2 being used, modify this line to read
jdk.tls.disabledAlgorithms=SSLv3, TLSv1.2, RC4, DH keySize < 768
to prevent both TLS 1.1 and TLS 1.2,
jdk.tls.disabledAlgorithms=SSLv3, TLSV1.1, TLSv1.2, RC4, DH keySize < 768
And so on.
If you have elected to use another JRE than the one supplied with DevTest then the above changes will need to be made within that JRE - the file paths will be relative to that JRE.