Extremely Serious

Month: July 2020

Java 6 to use TLS 1.2 by using BouncyCastle

  1. Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6. (If the link is already dead, download jce_policy-6 instead.)
  2. Extract the downloaded archive and follow the installation procedure found in the README.txt.
  3. Download the following Bouncy Castle libraries:
  4. Place the downloaded libraries into the ${JAVA_HOME}/jre/lib/ext directory.
  5. Update the java.security file (found in the ${JAVA_HOME}/jre/lib/security directory) so that the following providers have the highest priority:
    security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
    security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
    

    Renumber the other security.provider entries so that they start from 3, like the following:

    security.provider.3=sun.security.provider.Sun
    security.provider.4=sun.security.rsa.SunRsaSign
    security.provider.5=com.sun.net.ssl.internal.ssl.Provider
    security.provider.6=com.sun.crypto.provider.SunJCE
    security.provider.7=sun.security.jgss.SunProvider
    security.provider.8=com.sun.security.sasl.Provider
    security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
    security.provider.10=sun.security.smartcardio.SunPCSC
    security.provider.11=sun.security.mscapi.SunMSCAPI
    
  6. Try the following Java code:
    import java.io.BufferedReader;
    import java.io.IOException;
    import java.io.InputStreamReader;
    import java.net.HttpURLConnection;
    import java.net.ProtocolException;
    import java.net.URL;
    
    public class Main {
    
        public static void main(String[] args) {
            try {
                URL url = new URL("https://www.nist.gov/");
                System.out.println(url);
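                // For an https URL the handshake is performed by the default JSSE provider,
                // which is Bouncy Castle once java.security has been updated as in step 5.
                HttpURLConnection connection = (HttpURLConnection) url.openConnection();
                connection.setRequestMethod("GET");
                // A GET sends no request body, so setDoOutput(true) is not needed.
                // Reading the response code triggers the connection and the TLS handshake.
                System.out.println(connection.getResponseCode());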
                StringBuilder response = new StringBuilder();
                BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
    
                try {
                    String line = reader.readLine();
                    while (line != null) {
                        response.append(line);
                        line = reader.readLine();
                    }
                } finally {
                    reader.close();
                }
    
                System.out.println(response.toString());
            }
            catch(ProtocolException exception) {
                exception.printStackTrace();
            }
            catch(IOException exception) {
                exception.printStackTrace();
            }
        }
    }

    You should be able to access it without any SSL handshake error.

    Alternatively, you can opt to use the official JDK 6u121 via the Java SE 6 Advanced and Java SE 6 Support if you have availed of it.
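
The test in step 6 only shows that no handshake error occurred. The following check is an added example (not part of the original post) that prints the provider order set in step 5, reports whether the default SSLContext comes from Bouncy Castle and offers TLSv1.2, and, when a host name is passed as an argument, reports the protocol actually negotiated. The class name `TlsSetupCheck` is hypothetical, and the code assumes the provider names `BC` and `BCJSSE` registered by the two Bouncy Castle provider classes above; it uses only Java 6 syntax and APIs.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;

public class TlsSetupCheck {

    // True when the two Bouncy Castle providers hold positions 1 and 2 (step 5).
    static boolean bouncyCastleFirst(Provider[] providers) {
        return providers.length >= 2
                && "BC".equals(providers[0].getName())
                && "BCJSSE".equals(providers[1].getName());
    }

    public static void main(String[] args) throws Exception {
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println("security.provider." + (i + 1) + " = " + providers[i].getName());
        }
        System.out.println("Bouncy Castle first: " + bouncyCastleFirst(providers));

        // HttpsURLConnection's default socket factory normally comes from this context.
        SSLContext context = SSLContext.getDefault();
        String[] supported = context.getSupportedSSLParameters().getProtocols();
        System.out.println("Default SSLContext provider: " + context.getProvider().getName());
        System.out.println("Supported protocols: " + Arrays.toString(supported));
        System.out.println("TLSv1.2 available: " + Arrays.asList(supported).contains("TLSv1.2"));

        if (args.length == 0) {
            return; // offline configuration check only
        }
        // Optional: handshake with the host given as argument and report the result.
        SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(args[0], 443);
        try {
            socket.startHandshake();
            SSLSession session = socket.getSession();
            System.out.println("Negotiated protocol: " + session.getProtocol());
            System.out.println("Cipher suite: " + session.getCipherSuite());
        } finally {
            socket.close();
        }
    }
}
```

If the default SSLContext provider is reported as something other than BCJSSE, the java.security edit in step 5 was not picked up by the JRE that ran the check.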