clojure https connect using TLS 1.2 protocol

Question

Trying connect to https server (https://3dsecure.kkb.kz) using TLS 1.2.

(defn- http-request-clojure [xml req-type]
  (let [url-info  (url-map  req-type)
   (prepare-response (.toString (:body (client/get
                                        (str (:url url-info) "?"
                                             (and (:name url-info)
                                                  (str (:name url-info) "="))
                                             (URLEncoder/encode xml))
                                        {:insecure? true
                                         :socket-timeout 10000
                                         :conn-timeout 10000}))))))

Got error "javax.net.ssl.SSLException: Received fatal alert: protocol_version"

openssl 1.0.1g , java 7.

Any ideas what goes wrong?

Answer 1

It's not you, it's them: from their Qualys SSL Labs report:

Java 6u45   No SNI 2    Protocol or cipher suite mismatch   Fail3
Java 7u25               Protocol or cipher suite mismatch   Fail3
Java 8u31   TLS 1.2     TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   No FS     112

at least from today. They could fix this at any time, so hopefully you have a close enough relationship to politely encourage them to folow that link, and perhaps update openssl to they aren't vulnerable to this protocol downgrade attack.

This is almost always a simple matter of changing the nginx or apache config, though it can take a little fiddling to ensure all devices can still connect. SSL labs is an amazing resource for figuting this out.

From your perspective, is using Java 8 an option? It will be the easiest way past this.