Force TLS > 1.0 on AppEngine local development server in Java

Question

we need to connect to an external service using at least TLS 1.1, which doesn\'t work on the local development server using the Java SDK v. 1.9.32. Is there a way to force t

Answer 1

Adding to the above answer, since TLS 1.1 and 1.2 are disabled by default on JDK 7, if you don't want to use JDK 8 you can also try modifying the last line of dev_appserver.sh with the following flags:

exec "${RUN_JAVA}" "${SCRIPT_NAME}" \
    -Ddeployment.security.TLSv1.1=true -Ddeployment.security.TLSv1.2=true -ea -cp "${JAR_FILE}" \
    com.google.appengine.tools.KickStart \
    com.google.appengine.tools.development.DevAppServerMain "$@"

Or dev_appserver.cmd on Windows:

java -Ddeployment.security.TLSv1.1=true -Ddeployment.security.TLSv1.2=true -cp "%~dp0\..\lib\appengine-tools-api.jar" ^
    com.google.appengine.tools.KickStart ^
    com.google.appengine.tools.development.DevAppServerMain %*

Answer 2

My local Appengine development server started to use TLS 1.2 once I installed JDK 8 (before I was using JDK 7). JDK 8 uses TLS 1.2 by default.