TLS : Java Glossary

TLS (Transport Layer Security) is a protocol used communicate over an encrypted connection and to authenticate none, one or both of the participants. It is the successor to SSL (Secure Sockets Layer). The actual strength (number of bits is the key) of the encryption is decided by the site itself not by the browser as in SSL.

IETF (Internet Engineering Task Force) manages SSL and has renamed it TLS. People still usually refer to it as SSL. Properly TLS refers to the newer versions of the protocol and SSL to the older.

Java supports both TLS 1.1 RFC 5246 and RFC 6066 and TLS 1.2 RFC 5746. Java does not yet support TLS 1.3 RFC 5246. All you need to do is put https:// on the front of a URL (Uniform Resource Locator).

Starting in JDK (Java Development Kit) 1.8, Java by default uses TLS 1.8 described in RFC 5246 in appendix E.

In Java version 1.7, the Diffie-Hellman part of the exchange is hard-coded to 768 bits for unlimited strength and 512 bits for the default export version. In Java version 1.8, Diffie-Hellman part of the exchange is set to 1024 bits by default, however, it’s possible to increase the strength to 2048 bits with the

system property.

In the Java Control Panel, make sure you have TLS 1.2 support turned on.

Frustrating TLS

The problem with TLS is it is not really a standard. It is a higgledy piggledy collection of algorithms from which you might cobble a connection. It needs to be pruned down to core set of algorithms and key sizes that guaranteed everyone supports. There should be no need for the programmer to provide any hints on exactly which ones to use, other than perhaps the desired speed/security tradeoff in the form of a desirability ranking for the variants to override the default desirability order. A typical program connects to many sites. It makes no sense to require programmers to specifically tweak parameters for each one.

There are 9+ different key exchange algorithms used to kick off the session and 12+ different algorithms used once the exchange has started and 6+ different digest algorithms. It is a wonder any two parties each implementing some subset of these ever manage to communicate.

I have wasted days trying to figure out why Java refuses to connect to cdburner.x.se. Chrome tells me the site is using AES (Advanced Encryption Standard) 128-GCM for the connection and ECDHE-RSA for the key exchange. The webmaster tells me his certificate is 2048 bits, a Comodo Positive SSL CA 2 expires 2014-11-08. I have installed unlimited strength encryption. I have tried the

system property. I installed the root certificate for the Positive SSL CA 2 certificate in my cacerts files, all without success. It always says:

Books

Book referral for SSL and TLS: Theory and Practice

	recommend book⇒SSL and TLS: Theory and Practice
	by	Rolf Oppliger	978-1-59693-447-4	hardcover
	birth	1965-11-02 age:52
	publisher	Artech House
	published	2009-08-30
This is one of the few recent books on the topic. Nearly all of them were written around 2000. He is a computer science professor at the University of Zurich in Switzerland. Curriculum vitae.
Online bookstores carrying SSL and TLS: Theory and Practice abe books anz abe books.ca abe books.de amazon.ca amazon.de Chapters Indigo amazon.es Chapters Indigo eBooks iberlibro.com abe books.com abe books.fr amazon.com amazon.fr Barnes & Noble abe books.it Nook at Barnes & Noble amazon.it Kobo junglee.com Google play abe books.co.uk O’Reilly Safari amazon.co.uk Powells other stores
Greyed out stores probably do not have the item in stock. Try looking for it with a bookfinder.

Learning More