bouncycastletls1.2jboss5.xjava-6

TLSv1.2 on Jboss 5.1.0 GA using Java 6 and BouncyCastle


I'm facing a problem with a Jboss server and the https connector, running on Java 6. I want to make my server using only TLSv1.2 and using the cipher suites "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" for decoding the certificate.

I know that Java 6 does not support TLSv1.2, but I added the Bouncy Castle JCE and JSSE provider to the JDK (https://www.bouncycastle.org/latest_releases.html) :

The java instruction : SSLContext.getInstance("TLSv1.2"); does not throw a NoSuchAlgorithmException anymore if I test it on a small test class.

On Jboss :

After that, jboss is still providing only SSLv3 and TLSv1 protocols for https connection.

Any solution ?

Thanks


Solution

  • I believe the 'sslProtocols' attribute translates to a call to SSLParameters.setProtocols (later given effect by SSLSocket.setParameters), and doesn't affect the SSLContext.getInstance call. So you are still getting a SunJSSE SSLContext because you added BCJSSE at lower priority.

    I suggest moving the BouncyCastleJsseProvider entry in java.security to a higher priority (than com.sun.net.ssl.internal.ssl.Provider).

    Also in java.security you will need to set the default KMF type from SunX509 to PKIX (change the existing entry):

    ssl.KeyManagerFactory.algorithm=PKIX
    

    This is because BCJSSE currently only works with its own KMF implementation.