support for TLS v1.2

Question

support for TLS v1.2

Closed this issue 8 years ago · 5 comments

Hi,
i try to connect to a mattermost-host which only supports TLS v1.1/v1.2 and i always get a javax.net.ssl.SSLException: Received fatal alert: protocol_version

Adding -Ddeployment.security.SSLv2Hello=false -Ddeployment.security.SSLv3=false -Ddeployment.security.TLSv1=false -Ddeployment.security.TLSv1.1=true -Ddeployment.security.TLSv1.2=true to jenkins' java-cmd did not help.
Adding -Dhttps.protocols=TLSv1.2 to the global MAVEN_OPTS did also not fix anything.

Any idea?

Answer 1 · 2016-09-05T09:17:53.000Z

What version of Java are you using?

I see some other possible parameters, as in http://stackoverflow.com/a/37425048/4508078

If I understand correctly, TLSv1 is potentially equivalent to TLSv1.* (so you may need to be explicit about TLSv1.0)

Answer 2 · 2016-09-09T07:18:05.000Z

# java -version
java version "1.7.0_111"
OpenJDK Runtime Environment (IcedTea 2.6.7) (7u111-2.6.7-1~deb8u1)
OpenJDK 64-Bit Server VM (build 24.111-b01, mixed mode)

I added -Djdk.tls.client.protocols=TLSv1 to jenkins' options and still have the same error...
Btw, i use caddy as TLS-proxy.

Answer 3 · 2016-09-12T10:42:51.000Z

java 7 uses TLSv1 as it's default TLS protocol.
This doesn't match the protocols supported by your mattermost host.
You could try to override this default using: -Dhttps.protocols=TLSv1.1,TLSv1.2

Ref: https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https

Answer 4 · 2016-11-10T08:59:21.000Z

@Finkregh did you have any progress here?

Answer 5 · 2016-12-04T08:50:08.000Z

I will close this now for lack of information. If anything new comes up, feel free to reopen!