I have an HTTPS web service running on Java 7. I need to make changes so that this service only accepts TLS 1.2 connections and rejects SSL 3, TLS 1.0 and TLS 1.1.
I have added the following Java parameter so that TLS 1.2 has the highest priority.
jdk.certpath.disabledAlgorithms= MD2, MD4, MD5, SHA224, DSA, EC keySize < 256, RSA keySize < 2048, SHA1 keysize < 224
jdk.tls.disabledAlgorithms=DSA, DHE, EC keySize < 256, RSA keySize < 2048, SHA1 keysize < 224
I found a solution for this. I set the
jdk.tls.disabledAlgorithms= SSLv2Hello, SSLv3, TLSv1, TLSv1.1
in the file jre/lib/security/java.security on the server.
After setting this, the server only accepts TLS 1.2 connections and rejects lower security protocol versions.
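A way to audit a java.security file for the setting described above, as an added example that is not part of the original post. The function names are hypothetical, and both sample inputs are constructed from the two jdk.tls.disabledAlgorithms values quoted on this page; the parser also handles backslash line continuations, which the page does not show.

```python
# Legacy protocol names the post says must be rejected (taken from the page).
LEGACY_PROTOCOLS = ("SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1")


def parse_security_properties(text):
    """Parse java.security-style text into a dict; the last assignment wins."""
    props, pending = {}, ""
    # The trailing "" flushes a continuation left open at end of file.
    for raw in text.splitlines() + [""]:
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue  # blank line or comment
        if line.endswith("\\"):
            pending += line[:-1]  # value continues on the next line
            continue
        line, pending = pending + line, ""
        if "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def enabled_legacy_protocols(text):
    """Return the legacy protocols NOT listed in jdk.tls.disabledAlgorithms."""
    value = parse_security_properties(text).get("jdk.tls.disabledAlgorithms", "")
    # Exact-match comparison (conservative): a misspelled entry counts as missing.
    disabled = {entry.strip() for entry in value.split(",")}
    return [p for p in LEGACY_PROTOCOLS if p not in disabled]


# Constructed sample: the value from the question, which lists no protocols.
QUESTION_CONFIG = (
    "jdk.tls.disabledAlgorithms=DSA, DHE, EC keySize < 256, "
    "RSA keySize < 2048, SHA1 keysize < 224\n"
)

# Constructed sample: the value from the answer, split over two lines.
ANSWER_CONFIG = (
    "# constructed sample\n"
    "jdk.tls.disabledAlgorithms= SSLv2Hello, SSLv3, \\\n"
    "    TLSv1, TLSv1.1\n"
)

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CONFIG), ("answer", ANSWER_CONFIG)):
        print(name, "still allows:", enabled_legacy_protocols(cfg) or "none")
```

This checks only what the file declares; a handshake test against the running service is still needed to confirm the JVM picked the setting up.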