About the normal access of Tls_rsa_with_3des_ede_cbc_sha support XP IE8 tls1.0 under Java 8

SSL support has recently been added for Aioserver. Tested on myssl.com, about "client handshake impersonation" found IE8 xp tls1.0 : handshake failed (server disconnected)

I tried again. Baidu.com and Taobao.com, about IE8 xp tls1.0, can shake hands successfully, using the "Cryptographic Suite": Tls_rsa_with_3des_ede_cbc_sha

Although IE8 now use less, but there should be some users in the domestic use, then find a way to let Java 8 support IE8 tls1.0 access it.

I've listed 65 available cryptographic suites by calling Sslengine.getsupportedciphersuites (), but none of them is related to 3DES.

Google a bit to find this article: https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html

The general meaning is to disable "Encryption Suite" by default in Java 8: "Ssl_rsa_with_3des_ede_cbc_sha".

Then go on to find out how to turn on "Ssl_rsa_with_3des_ede_cbc_sha" and find the answer:

Open the Security policy file in folder {Java_home}/jre/lib/security: java.security, modify the JDK.TLS.DISABLEDALGORITHMS option.

Jdk.tls.disabledAlgorithms default value for Java8:

1024x768224, DES40_CBC, rc4_40, 3DES_EDE_CBC

To turn on Ssl_rsa_with_3des_ede_cbc_sha, comment out the 3DES_EDE_CBC:

1024x768224, DES40_CBC, rc4_40#, 3DES_EDE_CBC 

In this case, call Sslengine.getsupportedciphersuites () lists 76 available cryptographic suites, the number of previously available encryption suites is 65.

The extra 12 available cryptographic suites are 3DES-related cryptographic suites: Tls_ecdhe_ecdsa_with_3des_ede_cbc_sha, Tls_ecdhe_rsa_with_3des_ede_cbc_sha, SSL _rsa_with_3des_ede_cbc_sha, ...

By testing just add Ssl_rsa_with_3des_ede_cbc_sha to support XP IE8 tls1.0 handshake.

About the normal access of Tls_rsa_with_3des_ede_cbc_sha support XP IE8 tls1.0 under Java 8