Java (javaws.exe) TLS10 is not accepted by client preferences [TLS12]

Question

All I want is just get the Video Redirection for my Server to work...

The old onboard-management only provide TLS1.0. This server has a properly installed certificate, where corresponding CA is also installed on my computer.

I have changed C:\Program Files\Java\jre1.8.0_291\lib\security\java.security.

I tried everything, also to just delete TLS1.0 and TLS1.1 from the List. But that didn`t help. Even when the list is completely empty, I get the same error.

Changes made:

#jdk.certpath.disabledAlgorithms=MD2, MD5, \
#    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
#    include jdk.disabled.namedCurves

jdk.certpath.disabledAlgorithms=

#jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
#      DSA keySize < 1024, include jdk.disabled.namedCurves

jdk.jar.disabledAlgorithms=

#jdk.tls.disabledAlgorithms=RC4, DES, MD5withRSA, \
#    DH keySize < 1024, EC keySize < 224, RSA keySize < 2048, 3DES_EDE_CBC, anon, NULL, \
#    include jdk.disabled.namedCurves

jdk.tls.disabledAlgorithms=

The Server uses: The connection to this site is encrypted and authenticated using TLS 1.0, RSA, and AES_128_CBC with HMAC-SHA1.

I have jre1.8.0_291 and jdk-15.0.1 installed. Both config files are identical in this regard (even thought the path is different: C:\Program Files\Java\jdk-15.0.1\conf\security\java.security. I still get the above error.

When I issue java --version in cmd.exe I get this output:

java 15.0.1 2020-10-20
Java(TM) SE Runtime Environment (build 15.0.1+9-18)
Java HotSpot(TM) 64-Bit Server VM (build 15.0.1+9-18, mixed mode, sharing)

I also entered the URL of the Website, from where I download the .jnlp file, into the "Configure Java" Application whitelist.

Do you have any ideas? Thanks in advance.

Answer 1

Fortunately I found the advanced tab in the "configure java" control panel. I can tick a checkbox there to use TLS1.0.

(Just as @JohannesB also commented).

I'll now change back to jdk.certpath.disabledAlgorithms=MD2, MD5, \ RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \ include jdk.disabled.namedCurves and so on; therefore I can only accept my cipher suite and disallow any other older suites, which makes it a bit less insecure.