Engineering Blog

A couple of quick TLS suggestions for Java developers

A couple of quick TLS suggestions for Java developers:
  1. If you can, update to Java 8 or later. Starting in Java 8, TLS 1.2 is enabled by default.
  2. If are stuck on Java 7 and can’t update to Java 8 or later:
    1. If you can control the command-line arguments that are passed to the JVM, add “-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2” to the JVM startup options.
    2. If you can’t control the command-line arguments that are passed to the JVM, there’s a “backdoor” way to control the JVM’s behavior. You can create an environment variable: _JAVA_OPTIONS=-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2. Google or StackOverflow will give you more details on how to set up _JAVA_OPTIONS on your platform.