Java HttpsURLConnection and TLS 1.2

Asked 8/5, 2015 at 10:24 Answered 4/8, 2021 at 3:1

I read in an article that HttpsURLConnection will transparently negotiate the SSL connection.

The official document says:

This class uses HostnameVerifier and SSLSocketFactory. There are default implementations defined for both classes. ^[1]

Does that mean once you open a connection with

httpsCon = (HttpsURLConnection) url.openConnection();

It is already SSL/TLS encrypted without any more hassle?

How can I view and set the TLS version for the standard implementation? (Should be TLS 1.2 for Java 8 and TLS 1.0 for Java 7)

References

Oracle Corp. (2011). javax.net.ssl.HttpsURLConnection. (JavaDoc)

Conias answered 8/5, 2015 at 10:24 Comment(6)

Please don't cite arbitrary Internet junk. Unless you're using that specific JRE, which you don't state, the correct URL for the page you cited is at the Oracle website. – Infecund 8/5, 2015 at 10:28

I added the official document instead of the altered one - the unoffial one states that SSL is transparently neotated, the official one states that there are default implementations. So my question is still the same, hope my post is now more transparent. – Conias 8/5, 2015 at 11:50

You can set the TLS version to use via the https.protocols system property, see this answer. – Whitcher 8/5, 2015 at 13:11

I'm trying this way in Java 1.6 : #33517976 – Regin 4/11, 2015 at 10:9

What is the default connection mode SSL, TLS1.0 or TLS1.2 ? – Kwakiutl 24/7, 2020 at 4:33

Depends on the java version in JDK 1.7 it will set it to TLS 1.0 – Conias 25/7, 2020 at 11:45

You will have to create an SSLContext to set the Protocoll:

in Java 1.8:

 SSLContext sc = SSLContext.getInstance("TLSv1.2");
 // Init the SSLContext with a TrustManager[] and SecureRandom()
 sc.init(null, trustCerts, new java.security.SecureRandom());

in Java 1.7:

 SSLContext sc = SSLContext.getInstance("TLSv1");
 // Init the SSLContext with a TrustManager[] and SecureRandom()
 sc.init(null, trustCerts, new java.security.SecureRandom());

then you just have to set the SSLContext to the HttpsURLConnection:

httpsCon.setSSLSocketFactory(sc.getSocketFactory());

That should do the Trick.

Quipu answered 2/9, 2015 at 7:7 Comment(3)

What is trustCerts and how do you create/get one? – Cabanatuan 23/12, 2016 at 10:53

In case anybody was wondering about the init() parameters, here's what the documentation says: "Either of the first two parameters may be null in which case the installed security providers will be searched for the highest priority implementation of the appropriate factory. Likewise, the secure random parameter may be null in which case the default implementation will be used." – Disequilibrium 12/6, 2017 at 16:59

See #1201548 for a trivial, unsafe, all-trusting implementation of trustCerts – Triboluminescence 20/2, 2018 at 14:59

You can also set TLS 1.2 protocol with the JDK 1.7. By default JDK 1.7 will set it to 1.0.

SSLContext sc = SSLContext.getInstance("TLSv1.2"); //$NON-NLS-1$
sc.init(null, null, new java.security.SecureRandom());
HttpsURLConnection con = (HttpsURLConnection) httpsURL.openConnection();
con.setSSLSocketFactory(sc.getSocketFactory());

Systole answered 13/4, 2017 at 4:59 Comment(0)

private static javax.net.ssl.SSLSocketFactory getFactorySimple() 
        throws Exception {
    SSLContext context = SSLContext.getInstance("TLSv1.2");`

    context.init(null, null, null);

    return context.getSocketFactory();

}

String loginurl ="some url";
HttpsURLConnection connection = null;
URL url = new URL(loginURL);

connection = (HttpsURLConnection) url.openConnection();

javax.net.ssl.SSLSocketFactory sslSocketFactory =getFactorySimple();

connection.setSSLSocketFactory(sslSocketFactory);

The above code can be used to enable tls 1.1 or tls 1.2 in java 1.7

Withdraw answered 18/8, 2017 at 8:31 Comment(3)

yeah, it probably can... but what does it do? – Mull 28/4, 2019 at 15:59

This help to set the tls 1.2 in java 7 where this is not enable by default in java 7 – Withdraw 17/7, 2019 at 12:18

What does it use by default SSL, TLS1.0 or TLS1.2 ? – Kwakiutl 24/7, 2020 at 4:59

-1

    SSLContext sc = SSLContext.getInstance("TLSv1.2");
    sc.init(null,null,null);
    SSLSocketFactory sf = sc.getSocketFactory();
    SSLSocket ss = (SSLSocket)sf.createSocket();
    String[] pro = {"TLSv1.2"};
    String[] cipherSuites = {"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"};
    //ss.setEnabledProtocols(pro);
    ss.setEnabledCipherSuites(cipherSuites);
    System.out.println(Arrays.toString(ss.getEnabledProtocols()));

I have tried this code, the output is "[TLSv1, TLSv1.1, TLSv1.2]", It should mean this supports "TLSv1, TLSv1.1, TLSv1.2". I'm confused that how to set to TLSv1.2 only with HttpsUrlConnection ?

Phanerozoic answered 4/8, 2021 at 3:1 Comment(1)

(0) this is not an answer, and StackExchange is designed to have questions in the section labelled question and answers in the section labelled answers. (1) This sets the protocols and ciphersuite for an SSLSocket you use directly, not for an HttpsURLConnection which creates its own socket. The 4-year-old correct answers address HttpsURLConnection. (2) Although you leave 1(.0),1.1,1.2 formally enabled, you specify a ciphersuite that only works in 1.2, so if the peer agrees to 1.2 and that ciphersuite you get 1.2 and otherwise you get failure; you never get 1.1 or 1.0. – Ranie 4/8, 2021 at 3:28

References

Recommended topics

Hot tags