tls1.2

OCSP check in Java secure sockets

≡放荡痞女 submitted on 2019-12-02 03:44:51
If I set Security.setProperty("ocsp.enable", "true"), will an SSLSocket or SSLServerSocket connection automatically check for certificate revocation using OCSP? Do I have to do the OCSP check manually when creating the socket? (I'm not using CRLs.) You can use this TrustManager implementation I whipped up for some testing which is based on the OCSP checking code on XueLei.Fan's blog. I have used this with Netty based on their HttpSnoopClient hitting https://www.mozilla.org/en-US/ and it works. import io.netty.handler.ssl.util.SimpleTrustManagerFactory; import io.netty.util.internal

Starting https connection with IP address and SNI

﹥>﹥吖頭↗ submitted on 2019-12-02 03:15:46
Question: I'm using WinHttpConnect in order to establish an https connection between my Windows app and a remote server. However, my server doesn't necessarily have a DNS address, so the connection is made by setting pswzServerName to a raw IPv4 address. WINHTTPAPI HINTERNET WINAPI WinHttpConnect ( IN HINTERNET hSession, IN LPCWSTR pswzServerName, IN INTERNET_PORT nServerPort, IN DWORD dwReserved ); Since there are several services on that remote server, I also need to specify the SNI (Server Name

SSL Handshake failure with Java version “1.7.0_79”

余生颓废 submitted on 2019-12-02 03:15:39
Question: I am communicating with one of the hosts in Java using Apache HttpClient and it is throwing handshake_failure. The full trace is: trigger seeding of SecureRandom done seeding SecureRandom Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 Ignoring unsupported cipher

Starting https connection with IP address and SNI

萝らか妹 submitted on 2019-12-02 02:52:50
I'm using WinHttpConnect in order to establish an https connection between my Windows app and a remote server. However, my server doesn't necessarily have a DNS address, so the connection is made by setting pswzServerName to a raw IPv4 address. WINHTTPAPI HINTERNET WINAPI WinHttpConnect ( IN HINTERNET hSession, IN LPCWSTR pswzServerName, IN INTERNET_PORT nServerPort, IN DWORD dwReserved ); Since there are several services on that remote server, I also need to specify the SNI (Server Name Indication) so that the TLS handshake will pass. How can I pass the SNI separately from the IP address?

SSL Handshake failure with Java version “1.7.0_79”

梦想与她 submitted on 2019-12-02 02:46:01
I am communicating with one of the hosts in Java using Apache HttpClient and it is throwing handshake_failure. The full trace is: trigger seeding of SecureRandom done seeding SecureRandom Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC

Android P without TLS: network-security-config: cleartextTrafficPermitted not possible for IP (only domain)

拈花ヽ惹草 submitted on 2019-12-02 02:02:48
Question: I'm trying to connect to an embedded device with an HTTP server, which works fine on Android < P (until I set targetSdkVersion 28) because there was a change that Network TLS is enabled by default. There is a way to opt out of cleartext traffic, but it seems that this is only possible for domains and not IP addresses. I've tried to set an android:networkSecurityConfig in the Manifest with the IP instead of the domain but this didn't work: <network-security-config> <domain-config

Cannot set app to use system default TLS version by adding appcontext settings in web.config

早过忘川 submitted on 2019-12-01 23:27:27
According to the .NET guidance on TLS protocol programming, it suggests configuring security via AppContext switches when your project targets .NET 4.6. This works when adding the AppContext switch in app.config for a console application. However, it doesn't work when adding the AppContext switch in web.config for a website project. This is the config I added. <runtime> <AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=false;Switch.System.Net.DontEnableSystemDefaultTlsVersions=false"/> </runtime> AppContext switches usage in web config file: <appSettings> <add key="AppContext.SetSwitch

ColdFusion 9.0.0 TLSv1.2

自闭症网瘾萝莉.ら submitted on 2019-12-01 20:06:08
I am running ColdFusion 9.0 Hotfix 3. I am trying to get TLSv1.2 to work for the cf_http tag. I started with an upgrade to Java 7 Update 80 and then Java 8 Update 25. Using Wireshark, it looks like it is still trying to connect with TLSv1.0, and the end point will only take TLSv1.2. From what I have read, Java 7 and 8 support TLSv1.2, but there doesn't seem to be a way to get ColdFusion to use it. Any ideas? Windows 2008 32bit. On a side note, I know version 9 is old and I am working on upgrading to a new version, but this part came up and needs to be done before we planned to finish the upgrade and testing and

How to force JavaMailSenderImpl to use TLS1.2?

两盒软妹~` submitted on 2019-12-01 18:10:38
Have a JDK7 app running on Tomcat and it does have the following env settings: -Dhttps.protocols=TLSv1.1,TLSv1.2 The above setting ensures that we don't use TLS 1.0 when connecting over HTTPS while making API calls etc. We also use the org.springframework.mail.javamail.JavaMailSenderImpl class to send outgoing SMTP email, and use these props: mail.smtp.auth=false;mail.smtp.socketFactory.port=2525;mail.smtp.socketFactory.fallback=true;mail.smtp.starttls.enable=true The problem is that the connection to the SMTP email server is failing when it's upgraded to TLS1.2. javax.net.ssl

“The request was aborted: Could not create SSL/TLS secure channel” error in Braintree

别说谁变了你拦得住时间么 submitted on 2019-12-01 18:07:08
Question: On my local PC, Braintree is showing the error "The request was aborted: Could not create SSL/TLS secure channel" when executing: var clientToken = gateway.ClientToken.generate(); I am using "Braintree-2.33.0.dll" and my target .NET version is 4.5.1. I have enabled TLS 1.2. It was working nicely three days ago, but suddenly started showing the error. Many people faced the same error and most of them have changed the SecurityProtocol. I don't find any way to change that from Braintree. Is there any way to