Enabling TLS 1.0 and 1.1 on ZAP 2.15


David De Paolis

May 17, 2024, 9:07:24 AM
to ZAP User Group
Hi all! I need to scan an old web server which supports only TLS 1.0. Is it still possible to enable TLS 1.0 and (possibly) 1.1 on version 2.15? If so, how?
Thanks and regards !

thc...@gmail.com

May 17, 2024, 12:38:31 PM
to zaprox...@googlegroups.com
Hi,

It's possible but that needs to be enabled in the JRE first (if still
supported), details in:
https://www.java.com/en/configure_crypto.html#DisableTLS

(Do the reverse to enable.)

Best regards.

xeno6696

Dec 11, 2024, 6:11:00 PM
to ZAP User Group
Hi, following up from this old thread here. I'm attempting to do exactly this to test some IoT devices that my company uses, and when following the instructions you gave here and passing the JVM argument "-Djdk.tls.client.protocols="TLSv1"" (as the JVM settings themselves were not sufficient) I end up in a scenario where ZAP just crashes:


Failed to start ZAP
 

Message:
    java.lang.NoClassDefFoundError: Could not initialize class org.zaproxy.addon.network.internal.server.http.HttpServer
Level:
    SEVERE
Stack Trace:
Could not initialize class org.zaproxy.addon.network.internal.server.http.HttpServer
    org.zaproxy.addon.network.ExtensionNetwork.createLocalServer(ExtensionNetwork.java:865)
    org.zaproxy.addon.network.ExtensionNetwork.startLocalServers(ExtensionNetwork.java:915)
    org.zaproxy.addon.network.ExtensionNetwork.execute(ExtensionNetwork.java:1248)
    org.parosproxy.paros.extension.ExtensionLoader.runCommandLine(ExtensionLoader.java:555)
    org.parosproxy.paros.control.Control.runCommandLine(Control.java:431)
    org.zaproxy.zap.GuiBootstrap.initControlAndPostViewInit(GuiBootstrap.java:325)
    org.zaproxy.zap.GuiBootstrap$2.run(GuiBootstrap.java:174)
    java.base/java.lang.Thread.run(Thread.java:1570)
Exception java.lang.IllegalArgumentException: No supported protocol(s) set. [in thread "ZAP-BootstrapGUI"]
    org.zaproxy.addon.network.internal.TlsUtils.filter(TlsUtils.java:138)
    org.zaproxy.addon.network.internal.TlsUtils.filterUnsupportedTlsProtocols(TlsUtils.java:115)
    org.zaproxy.addon.network.internal.handlers.TlsConfig.<init>(TlsConfig.java:68)
    org.zaproxy.addon.network.internal.handlers.TlsConfig.<init>(TlsConfig.java:52)
    org.zaproxy.addon.network.internal.server.http.HttpServer. (HttpServer.java:77)
    org.zaproxy.addon.network.ExtensionNetwork.createHttpServer(ExtensionNetwork.java:528)
    org.zaproxy.addon.network.ExtensionNetwork.createHttpServer(ExtensionNetwork.java:426)
    org.zaproxy.zap.extension.hud.tutorial.TutorialProxyServer.getServer(TutorialProxyServer.java:136)
    org.zaproxy.zap.extension.hud.tutorial.TutorialProxyServer.start(TutorialProxyServer.java:145)
    org.zaproxy.zap.extension.hud.ExtensionHUD.optionsLoaded(ExtensionHUD.java:240)
    org.parosproxy.paros.extension.ExtensionLoader.hookAllExtension(ExtensionLoader.java:990)
    org.parosproxy.paros.extension.ExtensionLoader.startLifeCycle(ExtensionLoader.java:836)
    org.parosproxy.paros.control.AbstractControl.loadExtension(AbstractControl.java:58)
    org.parosproxy.paros.control.Control.init(Control.java:156)
    org.parosproxy.paros.control.Control.initSingletonWithView(Control.java:389)
    org.zaproxy.zap.GuiBootstrap.initControlAndPostViewInit(GuiBootstrap.java:229)
    org.zaproxy.zap.GuiBootstrap$2.run(GuiBootstrap.java:174)
    java.base/java.lang.Thread.run(Thread.java:1570)

This only happens when providing the argument -Djdk.tls.client.protocols="TLSv1"

I'm attempting to prove to a customer that I really CAN make a connection via TLS v1 to his device.  I've tried adding TTLSv2 to that argument as well, this results in only TLS 1.2 being selectable in the GUI. 

I need better guidance about how to successfully make this connection. 

thc202

Dec 12, 2024, 4:29:12 AM
to zaprox...@googlegroups.com
Hi,

Did you already enable them in the security file?

You should not need to pass any JVM args; ZAP will use whatever is enabled.

Best regards.
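
To check what the replies above ask about (whether TLS 1.0/1.1 are really enabled in the JRE), the following diagnostic is an added example, not code from this thread or from the ZAP project. It reads the `jdk.tls.disabledAlgorithms` security property and compares the JRE's supported and default-enabled TLS protocols; the class name `TlsProtocolCheck` is hypothetical.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;

// Added diagnostic (not ZAP code): reports which TLS versions this JRE
// enables by default. Run it with the same JRE that launches ZAP.
public class TlsProtocolCheck {
    // Versions discussed in the thread, plus the modern ones for contrast.
    static final List<String> VERSIONS = List.of("TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");

    // Entries of jdk.tls.disabledAlgorithms, trimmed; empty if the property is unset.
    static List<String> disabledEntries() {
        String prop = Security.getProperty("jdk.tls.disabledAlgorithms");
        if (prop == null || prop.isBlank()) return List.of();
        return Arrays.stream(prop.split(",")).map(String::trim).collect(Collectors.toList());
    }

    public static void main(String[] args) throws Exception {
        List<String> disabled = disabledEntries();
        SSLContext ctx = SSLContext.getDefault();
        // "Supported" is everything the provider implements; "default" is what
        // remains after the security file and any -D overrides are applied.
        List<String> supported = Arrays.asList(ctx.getSupportedSSLParameters().getProtocols());
        List<String> enabled = Arrays.asList(ctx.getDefaultSSLParameters().getProtocols());

        System.out.println("java.home = " + System.getProperty("java.home"));
        System.out.println("jdk.tls.client.protocols = "
                + System.getProperty("jdk.tls.client.protocols"));
        System.out.println("jdk.tls.disabledAlgorithms = " + disabled);
        for (String v : VERSIONS) {
            String state;
            if (!supported.contains(v)) state = "not implemented by this JRE";
            else if (disabled.contains(v)) state = "disabled in java.security";
            else if (!enabled.contains(v)) state = "supported, but not enabled by default";
            else state = "enabled";
            System.out.printf("%-8s %s%n", v, state);
        }
    }
}
```

Save it as TlsProtocolCheck.java and run it with the JRE that launches ZAP (`java TlsProtocolCheck.java`, Java 11 or later). Passing the same -D arguments you give ZAP shows their effect on the default protocol list.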