Hi Everyone,
Currently we have Aveksa 6.9.1 on JBoss 4.x, java 1.6.x installed on RHEL 5.8 (Tikanga).
We want to change our existing SSL certificate to TLS1.2 certificate.
My question:
does our existing setup support this?
if yes then the steps to update/change the certificate.
Thanks
Yogesh Mishra
As far as I know, TLSv1.2 is not supported with java 1.6
https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https
Consider upgrading to RSA G&L v7 and higher as it comes with OpenJDK 1.7
Hi Boris,
Thanks for your response.
As per the doc JDK 6 update 111 and above supports TLSv1 (default) and SSLv3.
If possible, could you please provide steps/Doc to update TLS v1 certificate
Also, even at version 7.0 I noticed G&L runs with the option com.sun.net.ssl.enableECC=false, so this should restrict the choice of TLS key exchange and ability to use an ECDSA certificate.
However if your goal is not to change the SSL/TLS protocol version but simply to use a SHA-256 RSA certificate instead of SHA-1, then it should work with Java 1.6.
Thanks olivier for quick response.
We are not planning to upgrade 7.0 version currently. is there any way to install TLS1.1 on JDK 6?
Your requirement is not very clear, there is no direct relationship between the certificate and the TLS version.
If this is really about the TLS version, then version 1.2 has been added last year in JDK 6u121:
http://www.oracle.com/technetwork/java/javase/overview-156328.html#R160_121
And this older link explains JBoss configuration:
https://access.redhat.com/solutions/1232233
So there's a chance that enabling TLSv1.1 and TLSv1.2 in sslProtocols could work.
As far as I know, TLSv1.2 is not supported with java 1.6
https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https
Consider upgrading to RSA G&L v7 and higher as it comes with OpenJDK 1.7