Disable versions of SSL/TLSv below TLSv1.2

Document ID : KB000071619
Last Modified Date : 12/03/2018
Show Technical Document Details
Introduction:
Remote Server is  using TLSv1.2 for encrypting communications.  How do you disable older versions of SSL/TLS below TLSv1.2? 
Environment:
All supported DevTest Environments
Instructions:
To Disable SSLv3/TLSv1.0 follow the below commands:

On the box running DEVTEST, determine the home directory of the Java Runtime Engine (JRE). 
If the JRE that ships with DevTest is being used, that JRE is located in DEVTEST_HOME/jre/. 

On a Unix box, you can use the which Java command to determine the path to the JRE. 

From the JRE directory found above, navigate to the jre/lib/security folder and find the java.security file. 

In the java.security file, edit these 2 changes: 

jdk.certpath.disabledAlgorithms=TLSv1, SSLv3, DSA, DESede, DES, MD2, MD5, RSA keySize < 1024 
jdk.tls.disabledAlgorithms=TLSv1, MD5, SSLv3, RC4, MD5withRSA, DSA, DESede, DH keySize < 768, RSA keySize < 1024

It is not necessarily important that you put the restrictions on the RSA keySize and DH keySize as shown; those are recommendations but not mandatory.

Save your changes to the java.security file. With these changes, every Java application that is executed using the modified JRE will have TLSv1 and SSLv3 disabled.