0

My client dials a server. We've recently adopted a security policy to allow only TLS 1.2 connections but we are being soft with the transition: If the server and client cannot agree on a TLS 1.2 socket, then some warning is raised for this issue to be fixed but connection should proceed as normal.

So, I am not really looking for a way to enforce my client to only create TLS 1.2 connection but a way to know which one is currently used.

My question is about how to get that information from the live socket.

Here's how my client creates sockets:

public static SSLSocket getSSLsocket (String hostFQDN, int port, String ksFullPath, String ksPassword, String pkPassword) {
    try {
        SSLContext context = SSLContext.getInstance("TLS");
        KeyManagerFactory keyMngFactory = KeyManagerFactory.getInstance("SunX509");
        KeyStore keyStore = KeyStore.getInstance("PKCS12");

        keyStore.load(new FileInputStream(ksFullPath), ksPassword.toCharArray());
        keyMngFactory.init(keyStore, pkPassword.toCharArray());
        context.init(keyMngFactory.getKeyManagers(), null, null);
        //TODO: We are going to need a truststore definition... Meanwhile: System.setProperty("javax.net.ssl.trustStore", "src/resources/certificates/epp/cacertsuk");
        SSLSocketFactory sslScktFactory = context.getSocketFactory();
        return (SSLSocket) sslScktFactory.createSocket(hostFQDN, port);
    } catch (Exception e) {
        throw new RuntimeException("Could not create SSL socket", e);
    }
}

I am aware of this question: How to find what SSL/TLS version is used in Java , where the leading answer seems to say I can get the SSLSession from the SSLSocket and then call .getProtocol... But an example on how to do this was not provided and I was unable to find the solution myself

DraxDomax
  • 1,008
  • 1
  • 9
  • 28
  • Well... That question has, as an answer, a reference to the same question I referred to. The code is lacking. Although, I must admit it's not a lot of code lacking :) – DraxDomax Aug 12 '20 at 17:27

1 Answers1

1

Ah, my problem is because above this class, I am using socket as a generic object, which could be plaintext or SSL... So, when I try to do socket.getSession - I don't see that method...

So far, I am doing:

public String getTls () {
    SSLSocket temporaryReference = (SSLSocket) socket;
    SSLSession sslSession = temporaryReference.getSession();
    return sslSession.getProtocol();
}

And I am getting:

TLSv1.2

Now, I can do the easy part :)

I realize this may not be the most valuable question on SO but it may be useful for people looking to do what I am looking to do... Anyway it is now beyond such mortals as myself to decide what happens with the question. Thanks anyway.

DraxDomax
  • 1,008
  • 1
  • 9
  • 28