How to enable the TLSv1.2 support in java 7

Question

We wanted to enable the TLSv1.2 protocol with version of Java 7, while also ensuring support for the lower versions.

I am aware that we can utilize SSLContext.getInstance("TLSv1.2") to activate TLSv1.2. However, our scenario involves the utilization of an Axis repository, specifically the org.apache.commons.httpclient.* packages, for conducting SOAP calls.

We've implemented the usage of ProtocolSocketFactory to register the protocol, and in this context, we've designed a custom protocol factory class that extends HttpSecureProtocol.

Now using this existing code how can I achieve this.

**Initialization class:

PropertiesLoader props = PropertiesLoader.getInstance();
        // Mask the system variable. Causes problems, as not-commons-ssl expects the private key to be there
        Properties sysProps = System.getProperties();
        String sysKeystore = (String) sysProps.remove("javax.net.ssl.keyStore");
        // use client keystore for connection factory
        ProtocolSocketFactory factory = new FixedProtocolSocketFactory(KEYSTORE, KEYSTORE_PASS);
        Protocol.unregisterProtocol("https");
        Protocol.registerProtocol("https", new Protocol("https", factory , HttpsURL.DEFAULT_PORT));
        Protocol.registerProtocol("https", new Protocol("https", factory , 8443));
        if (sysKeystore != null) {
            sysProps.setProperty("javax.net.ssl.keyStore", sysKeystore);
        }

**Custom class: **

public class FixedProtocolSocketFactory extends HttpSecureProtocol {
    
    public FixedProtocolSocketFactory(final String keystore,
            final String keystorePassword) throws GeneralSecurityException, IOException {

        super();
        TrustChain trustChain = TrustMaterial.CACERTS;
        super.setTrustMaterial(trustChain);
        File keystoreFile = new File(keystore);

        // prepare key material
        if (keystoreFile != null && keystoreFile.exists()) {
            char[] ksPass = null;
            if (keystorePassword != null) {
                ksPass = keystorePassword.toCharArray();
            }
            KeyMaterial km = new KeyMaterial(keystoreFile, ksPass.clone());
            super.setKeyMaterial(km);


        }

    }

**NOTE **: Can't upgrade to an higher versions of java

**What has been tried? **

1. We have defined the protocols in the custom class .
2. Implemented the socket class in the Initialization class.

**What I am expecting? **Need to do the handshake with TLSv1.2 in a SOAP call.

Answer 1

While I strongly question using an unsupported Java version and using anything less than TLS 1.2, it's pretty straight forward:

 SSLContext sslContext = SSLContexts.custom()
     .build()

SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
     sslContext,
     new String[]{ "TLSv1.0", "TLSv1.1", "TLSv1.2" },
     null,
     SSLConnectionSocketFactory.getDefaultHostnameVerifier())

Your HttpClient calls will now accept TLS 1.2 and below.