When using the Azure IoT Java SDK in your application, you may wish to control which version of TLS is used and which ciphers are used by TLS.
To restrict the TLS version, use the jdk.tls.client.protocols system property. This property was introduced in JDK 7 (7u95) and JDK 6 (6u121).
To allow only the most secure version (e.g. TLS 1.2), set the property explicitly to that version:
$ java -Djdk.tls.client.protocols="TLSv1.2" yourApp
Additionally, to control which ciphers TLS may use in your application, use the jdk.tls.disabledAlgorithms property in the java.security file. The property works as a ban list: the ciphers it names are disabled.
On JDK 8 and earlier, the java.security file is in the folder %JAVA_HOME%/lib/security. For JDK 9, it is in the folder %JAVA_HOME%/conf/security.
For syntax examples of disabling ciphers, see the section "Disable the TLS DES cipher suites" of Oracle's JDK and JRE Cryptographic Algorithms.
- Additional information on Oracle's JDK and JRE Cryptographic Algorithms
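
To confirm that the two settings above took effect, the following added example (not part of the Azure IoT Java SDK or of the original page) prints both properties and the protocols and cipher suites the JVM's default SSLContext enables, and exits non-zero if any protocol other than the expected one is enabled. The class name TlsSettingsCheck is hypothetical, and the check assumes the application relies on the JVM's default SSLContext.

```java
import java.security.Security;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added example (hypothetical class name): reports the TLS settings of this JVM.
public class TlsSettingsCheck {

    // True only if every enabled protocol equals the expected one.
    static boolean onlyProtocol(String[] enabled, String expected) {
        if (enabled.length == 0) return false;
        for (String p : enabled) {
            if (!p.equals(expected)) return false;
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        String expected = args.length > 0 ? args[0] : "TLSv1.2";

        // Set on the command line with -D; null when the property is absent.
        System.out.println("jdk.tls.client.protocols   = "
                + System.getProperty("jdk.tls.client.protocols"));
        // Read from the java.security file; this is the ban list.
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));

        // Assumption: the application uses the JVM's default SSLContext.
        SSLParameters params = SSLContext.getDefault().getDefaultSSLParameters();

        System.out.println("Enabled client protocols:");
        for (String p : params.getProtocols()) System.out.println("  " + p);

        // Depending on the JDK release, a banned suite may still be listed
        // here and only be refused during the handshake.
        System.out.println("Enabled cipher suites:");
        for (String c : params.getCipherSuites()) System.out.println("  " + c);

        boolean ok = onlyProtocol(params.getProtocols(), expected);
        System.out.println(ok ? "OK: only " + expected + " is enabled"
                              : "FAIL: protocols other than " + expected + " are enabled");
        System.exit(ok ? 0 : 1);
    }
}
```

Run it with the same JDK and the same -Djdk.tls.client.protocols option as the application, since both the system property and the java.security file are specific to that JVM installation and launch.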