I have a business server i am trying to connect to using java,but to do that they demand the Tls version be either 1.1 or 1.2.
I have openssl installed in my computer and i seem to be using Tls version 1.1. I i tested my openssl installation with this command
openssl s_client -host google.com -port 443
and this is the result
SSL-Session:
Protocol : TLSv1
Cipher : AES128-SHA
Session-ID: FFE6DD3F1F78EC17999809D875E12D5138573BE52BCAA2EB55225F2EFE864127
Session-ID-ctx:
Master-Key: 7599DC1A0FDC8BC41431D7907EE933BE7527D2A658ADFC6B34B2CAB3D071DD7E13B6ED2C7C35A6EABDCA52943B1155A2
Key-Arg : None
Start Time: 1489987373
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
some info has been left out for readability purposes but you can test out in your terminal.
This is my java version
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)
How can i make my java keytool to generate a certificate with a Tls version 1.1 or 1.2?.
The certificate should be immaterial of the transport.
Without knowing what you are using for the server side, it will be a bit difficult to determine what your best course of action should be.
You can force s_client into using just tls 1.2 by passing the -tls1_2 switch, but that is not really what you want.
So, say you were using Tomcat 8 (and the non-APR HTTP connector), you could configure for just TLSv1.2 using the attribute sslEnabledProtocols="TLSv1.2".
The sslEnabledProtocols essentially maps to the SSLSocket.setEnabledProtocols() method of Java. Jetty probably has a similar configuration.
If you are using Apache HTTPd or nginx, there is probably documentation that will state how to do that as well.