We have an old End-Of-Life server that requires TLS1.0, specifically the SSL_RSA_WITH_RC4_128_MD5 cipher, but while using the default TLS overrides of -Dhttps.protocols="TLSv1 -Djdk.tls.client.protocols="TLSv1" on the client does get us a TLS1.0 handshake, the SSL_RSA_WITH_RC4_128_MD5 cipher is not in the list of 15 ciphers the Java client includes in the Client Hello packet.
I have tried editing my java.security file (tested changing jdk.tls.disabledAlgorithms, jdk.certpath.disabledAlgorithms, and jdk.tls.legacyAlgorithms) and using the below code, but nothing seems to get the desired cipher in the list the client sends to the server.
| SSLContext sslContext = SSLContexts.createDefault(); |
| SSLEngine sslEngine = sslContext.createSSLEngine(); |
| String[] oldCiphers = sslEngine.getEnabledCipherSuites(); |
| |
| String[] newCiphers = new String[oldCiphers.length + 1]; |
| System.arraycopy(oldCiphers, 0, newCiphers, 0, oldCiphers.length); |
| newCiphers[oldCiphers.length] = "SSL_RSA_WITH_RC4_128_MD5"; |
| |
| sslEngine.setEnabledCipherSuites(newCiphers); |
| SSLContext.setDefault(sslContext); |
| |
| CloseableHttpClient httpclient = HttpClients.createDefault(); |
| HttpGet httpget = new HttpGet(args[0]); |
What must one do to get this old realized-low-security-cipher in effect so that it is listed as an available cipher on Client Hello handshake?
NOTE: I am not a native Java developer, so my apologies if any of my context is in poor form - I am attempting to aid a partner whose application quit working when they upgraded to Java 8. The above code is a very simple test application I wrote to work on this for them.