We have a spring boot app with an embedded Tomcat server. I started getting protocol version errors recently which I think could be due to an update. These errors originally surfaced locally after a spring boot upgrade so that is probably related. We are still on Java 8.
I resolved this initially by adding -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 to my app startup.
However, whenever trying to call my app I now get the following error:
java.lang.IllegalArgumentException: TLSv1.3
at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187)
at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84)
...
at
org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
With postman I tried forcing this by excluding TLSv1.3, With curl I tried using --tls-max 1.2 combined with tlsv1.2 but the same error still happens. How can I determine where v1.3 is being used and prevent it from happening?
