
Getting No such algorithm exception while using TL

Posted 2019-04-15 07:15

Question:

I am trying to hit a webservice which supports TLSv1.2. I am using Java 1.4. It does not support TLSv1.2.

Now someone told me that BC could solve my problem. Though does it work with a SSLEngine as drop in replacement somehow? Is this possible with BC?

What do I have to do to get a working SSLEngine (for use with TLSv1 in a nonblocking io scenario) without such low restrictions on primesize for DH.

What I tried:

Security.addProvider(new BouncyCastleProvider()); 

This alone seems not to solve the problem.

So instead of

SSLContext.getInstance("TLSv1");  //which works alas only little DH keys. 

I tried calling the following:

SSLContext.getInstance("TLSv1","BC"); 

SSLContext.getInstance("TLS","BC");

SSLContext.getInstance("TLSv1.2","BC");  

SSLContext.getInstance("ssl","BC"); 

Though all of them throw NoSuchAlgorithmException.

Answer 1:

I could solve this by using bctls lib, but unfortunately it doesn't seem to have a version for Java 1.4.

The only version that I could find in Bouncy Castle's website and in Mvn Repository is bctls-jdk15on-157 (for Java >= 1.5).

Anyway, if an upgrade of your Java version is possible, you just need to add this jar to your project and use the org.bouncycastle.jsse.provider.BouncyCastleJsseProvider class (I've used Java 1.7 for this test):

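import java.security.Security;
import javax.net.ssl.SSLContext;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

// add the JSSE provider
Security.addProvider(new BouncyCastleJsseProvider());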

// tests
SSLContext.getInstance("TLSv1.1", BouncyCastleJsseProvider.PROVIDER_NAME);
SSLContext.getInstance("TLSv1.2", BouncyCastleJsseProvider.PROVIDER_NAME);
SSLContext.getInstance("TLSv1", BouncyCastleJsseProvider.PROVIDER_NAME);

All tests above run without error.

Checking all the SSL protocols supported:

SSLContext context = SSLContext.getInstance("TLSv1", BouncyCastleJsseProvider.PROVIDER_NAME);
System.out.println(Arrays.toString(context.getSupportedSSLParameters().getProtocols())); // [TLSv1.1, TLSv1, TLSv1.2]

The output is:

[TLSv1.1, TLSv1, TLSv1.2]
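
A way to diagnose the NoSuchAlgorithmException from the question and to pin an SSLEngine to TLSv1.2, as an added example that is not part of the original question or answer. It uses only JDK classes and assumes Java 7 or later, as in the answer's test; the class name TlsProviderCheck and its method names are hypothetical.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added example; class and method names are hypothetical.
public class TlsProviderCheck {

    // Algorithm names a provider registers for the "SSLContext" service type.
    // An empty list means SSLContext.getInstance(anyName, thatProvider) throws
    // NoSuchAlgorithmException, whatever protocol string is passed.
    static List<String> sslContextAlgorithms(Provider p) {
        List<String> names = new ArrayList<String>();
        for (Provider.Service s : p.getServices()) {
            if ("SSLContext".equals(s.getType())) {
                names.add(s.getAlgorithm());
            }
        }
        return names;
    }

    // Client-mode engine that will not negotiate anything other than TLSv1.2.
    // providerName == null selects the highest-priority installed provider.
    static SSLEngine tls12OnlyEngine(String providerName) throws Exception {
        SSLContext ctx = (providerName == null)
                ? SSLContext.getInstance("TLSv1.2")
                : SSLContext.getInstance("TLSv1.2", providerName);
        ctx.init(null, null, null); // default key managers, trust managers, RNG
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);
        // Drop older protocol versions so a downgrade cannot be negotiated.
        engine.setEnabledProtocols(new String[] {"TLSv1.2"});
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // One line per installed provider: which SSLContext names it can serve.
        for (Provider p : Security.getProviders()) {
            System.out.println(p.getName() + " -> " + sslContextAlgorithms(p));
        }
        // Optional first argument: the provider name to request.
        String provider = args.length > 0 ? args[0] : null;
        SSLEngine engine = tls12OnlyEngine(provider);
        System.out.println("enabled: " + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

Run it after the Security.addProvider(...) calls you rely on: any provider that prints an empty list cannot be named in SSLContext.getInstance.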