JMS connection handshake is failing for SSLCipherSuite SSL_RSA_WITH_3DES_EDE_CBC_SHA

Question

I am using Spring boot 1.2.2 and JDK1.8.0.40, I have specified the SSL cipher suit as SSL_RSA_WITH_3DES_EDE_CBC_SHA and also import cer file to keystore.

When I run my p

Answer 1

SSL_RSA_WITH_3DES_EDE_CBC_SHA is an SSL 3 cipher suite. SSL 3 is insecure and disabled by default in Java 8. Is there any reason why you're using a ciphersuite for an insecure protocol?

If you want to stick to a single cipher suite, you can pick one that Java 8 supports.

Answer 2

New JDK versions keep on updating the minimal security level, which is good. But it's not always easy (or possible) to keep these protocol restrictions up-to-date on all components involved.

The best way is really to pick a cipher suite that is supported.

But if you are in development (and know what you are doing) you can, for testing, remove this restriction by editing your JDK's jre\lib\security\java.security file.

Search for jdk.tls.disabledAlgorithms and remove or edit the restrictions

# previously: 
# jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
jdk.tls.disabledAlgorithms=MD5withRSA, DH keySize < 768