Java - SSL connection issue with java 7 under version 131

Problem

When running with the SeaLights Java agent, depending on the proxy and security setting, an SSL connection can be encountered when using java 7 with a version lower that 131.

Cause

This is due to TLS 1.2 not being added by default till java 7 version 131 (See https://www.oracle.com/technetwork/java/javase/7u131-relnotes-3338543.html)

Solution

The solution is to upgrade java to version 131 or later which will automatically support TL1.2, if you are using an older version of Java 7 then you can add the following JVM param: -Dhttps.protocols=TLSv1.2.

Add TLS v1.1 and v1.2 to the client list of default-enabled protocols
TLSv1.2 and TLSv1.1 are now enabled by default on the TLS client end-points.
This is similar behavior to what already happens in JDK 8 releases.

In some cases there may be a cipher suite mismatch between the Java 7 environment and the TLS 1.2 supporting peer.
Additional ciphers can be added using an extra JVM param e.g. "-Dhttps.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA256" (comma separated list if adding multiple ciphers)

Page:

SeaLights Java Agent - AWS Lambda Support
Page:

.Net/.NetCore - I don't know what namespace to configure
Page:

SeaLights Java agent - Command Reference
Page:

SeaLights CD Agent
Page:

SeaLights CD Agent for Java Application

Problem

Cause

Solution

Related articles