Java 8 with TLS 1.1 and TLS 1.2

Aug 5, 2016, 9:15 AM -05:00

Due to a recent audit finding, one of our customers requested that only TLS 1.2 be allowed and the cipher security level set to “high” (AES256-SHA256 DHE-RSA-ASE256-SHA256) on their Cisco ASA firewall. The AES256-SHA256 security ciphers are not proposed by Java 8 natively. In order to add the security ciphers, you must perform the steps below.

Directions to setup Java Cryptography Encryption (JCE) Unlimited Strength Jurisdiction Policy:

On your PC, browse to C:\Program Files (x86)\Java\jre1.8.XXX\lib\security
Rename files

Rename local_policy.jar to local_policy.jar.OLD
Rename US_export_policy.jar to US_export_policy.jar.OLD

Go to http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html for the following files:

Copy local_policy.jar to C:\Program Files (x86)\Java\jre1.8.XXX\lib\security
Copy US_export_policy.jar from to C:\Program Files (x86)\Java\jre1.8.XXX\lib\securit

Launch ASDM again and the ASA will negotiate to the DHE-RSA-AES256-SHA256 security cipher

Networking Java TLS