AWS SDK for Java support for TLS 1.2 - AWS SDK for Java

AWS SDK for Java support for TLS 1.2

The following information applies only to the Java SSL implementation (the default SSL implementation in the AWS SDK for Java). If you’re using a different SSL implementation, see the documentation for that implementation to learn how to enforce TLS versions.

TLS support in Java

TLS 1.2 is supported starting in Java 7.

How to check the TLS version

To check which TLS versions are supported in your Java virtual machine (JVM), you can use the following code.

System.out.println(Arrays.toString(SSLContext.getDefault().getSupportedSSLParameters().getProtocols()));

To see the SSL handshake in action and what version of TLS is used, you can use the system property javax.net.debug.

java -Djavax.net.debug=ssl -jar app.jar

How to set the TLS version

AWS SDK for Java 1.x

  • Apache HTTP client: The SDK always prefers TLS 1.2 (if it’s supported in the platform).

AWS SDK for Java 2.x

  • ApacheHttpClient: The SDK always prefers TLS 1.2 (if it’s supported in the platform).

  • UrlHttpConnectionClient: To enforce only TLS 1.2, you can use this Java command.

java -Djdk.tls.client.protocols=TLSv1.2 -jar app.jar

Or use this code.

System.setProperty("jdk.tls.client.protocols", "TLSv1.2");

  • NettyNioHttpClient: The SDK dependency for Netty is TLS 1.2 (if it’s supported in the platform).
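
The check under "How to check the TLS version" prints the protocols the JVM supports, and that list does not shrink when jdk.tls.client.protocols is set. The following class is an added example, not code from the AWS documentation: it sets the property as shown above and confirms that only TLSv1.2 is enabled on new client sockets. The class name TlsEnforcementCheck is hypothetical, and the note about when the property is read assumes the JDK's default JSSE provider (SunJSSE).

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

// Added example (hypothetical class name): verifies that the
// jdk.tls.client.protocols setting took effect in this JVM.
public class TlsEnforcementCheck {

    // Protocols that a new client socket from HttpsURLConnection's default
    // factory would offer. createSocket() with no arguments does not connect,
    // so this check runs offline.
    static Set<String> enabledClientProtocols() throws Exception {
        try (SSLSocket socket = (SSLSocket) HttpsURLConnection
                .getDefaultSSLSocketFactory().createSocket()) {
            return new LinkedHashSet<>(Arrays.asList(socket.getEnabledProtocols()));
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumption (SunJSSE): the property is read once, when the default
        // SSLContext implementation initializes, so set it before any TLS use.
        System.setProperty("jdk.tls.client.protocols", "TLSv1.2");

        SSLContext ctx = SSLContext.getDefault();
        // "Supported" is everything the JVM can speak; the property does not narrow it.
        System.out.println("Supported: "
                + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));
        // "Default" is what the context applies to new client connections.
        System.out.println("Default:   "
                + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));

        Set<String> enabled = enabledClientProtocols();
        System.out.println("Enabled on a new client socket: " + enabled);

        // Fail loudly if any protocol other than TLSv1.2 is still enabled.
        if (enabled.size() != 1 || !enabled.contains("TLSv1.2")) {
            throw new IllegalStateException("Expected only TLSv1.2, got " + enabled);
        }
    }
}
```

If the exception is thrown, something initialized JSSE before the property was set, or code elsewhere replaced the default socket factory.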