Java - How can I disable a TLS cipher for only some protocols using JVM Config?

Question

I\'ve seen lots of examples of disabling TLS ciphers in java using jdk.tls.disabledAlgorithms, for example:

 jdk.tls.disabledAlgorithms=MD2, RSA keySize < 102         


        

Answer 1

JSSE docs say that the https.protocols property can store comma separated list of supported protocols in a given SSL context, however this property is used by current JSSE implementation, but could be disregarded by other vendors or future versions, so YMMV.

Programatically you can achieve it like so:

SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
socket.setEnabledCipherSuites(new String[] {
    CipherSuite.TLS_RSA_WITH_RC4_128_MD5.javaName,
    CipherSuite.TLS_RSA_WITH_RC4_128_SHA.javaName,
});

//allow TLS1.2 only
socket.setEnabledProtocols(new String[] {
    TlsVersion.TLS_1_2.javaName,
});