I've been working on this problem for a week now, and I'm hoping someone has a workaround or other advice.
The requirement is to use TLSv1.1 and TLSv1.2 to do an HTTPS POST connect from our JBoss (5.1) application, BUT I'm running JDK 1.6, which does not support TLSv1.2.
Originally I hoped to send this HttpURLConnection through an Apache reverse proxy and have Apache rewrite it to TLSv1.2. That doesn't seem to be how it works.
I got the proxy working for JBoss using TLS 1.2 for everything, except the POST connection continues to talk TLS 1.0.
What I discovered is:
1. Java HttpURLConnection creates a connection object using TLS 1.0, because it's the only protocol available in Java 1.6.
2. Java issues an HttpURLConnection.openConnection(proxy) request through the proxy.
3. Apache opens the CONNECT and creates the TUNNEL to the requested server. No handshake or protocol agreement.
4. Control is passed back to Java, which tries to do the handshakes and data transfer using the Java TLS 1.0 connection object created earlier, but gets refused due to TLS 1.0.
My only goal was to get the handshake and protocols to be negotiated by Apache, but unless someone has another idea, I'm starting to think this is not possible, outside of upgrading to Java 7 (which causes other issues).
### the Java connection ###############
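// Target is an https:// URL, so the JVM itself performs the TLS handshake.
URL post = new URL( "https", getHostAddress(), getHostPort(), "/somegateway/xyz.dll" );
// Apache on 127.0.0.1:80 is used as an HTTP proxy, which means a CONNECT tunnel for HTTPS.
Proxy proxy = new Proxy( Proxy.Type.HTTP, new InetSocketAddress( "127.0.0.1", 80 ) );
HttpURLConnection postConn = (HttpURLConnection) post.openConnection( proxy );
postConn.setRequestMethod( "POST" );
postConn.setDoOutput( true );
BufferedReader in = new BufferedReader( new InputStreamReader( postConn.getInputStream() ) );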
It sounds like you are trying to use Apache as a forward proxy.
I would try configuring Apache as a reverse proxy; then I would forward a dummy URL to the real server URL and simply connect to the reverse proxy using plain HTTP, although it should also work using HTTPS.
You would remove all proxy knowledge from your Java code. That's what reverse proxies do: your Java code doesn't need to have any knowledge of a proxy's existence. Your current Java code looks like you are trying to use Apache as if it were a forward proxy.
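The reverse-proxy setup suggested above, sketched as an added example that is not part of the original thread: Apache accepts plain HTTP from the local application and performs the TLS 1.1/1.2 handshake with the real server itself. It assumes Apache httpd 2.4 (2.4.5 or later for SSLProxyCheckPeerName) built against an OpenSSL that supports TLS 1.2; the backend name gateway.example.com, the listen port 8080 and the CA bundle path are placeholders.

```apache
# Added example, not configuration from the thread.
# Requires mod_proxy, mod_proxy_http and mod_ssl to be loaded.
# gateway.example.com, port 8080 and the CA bundle path are assumptions.

# Loopback only: the hop from JBoss to Apache is unencrypted, so it must
# never be reachable from another host.
Listen 127.0.0.1:8080

<VirtualHost 127.0.0.1:8080>
    # Reverse proxy only. With ProxyRequests Off, Apache does not act as a
    # forward proxy and will not open CONNECT tunnels.
    ProxyRequests Off

    # Apache, not the Java 6 JVM, negotiates TLS with the backend.
    SSLProxyEngine On
    SSLProxyProtocol -all +TLSv1.1 +TLSv1.2

    # The JVM no longer sees the server certificate, so Apache has to
    # authenticate the backend on its behalf.
    SSLProxyVerify require
    SSLProxyVerifyDepth 3
    SSLProxyCACertificateFile /etc/ssl/certs/ca-bundle.crt
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # Map the local path onto the real HTTPS endpoint.
    ProxyPass        /somegateway/ https://gateway.example.com/somegateway/
    ProxyPassReverse /somegateway/ https://gateway.example.com/somegateway/
</VirtualHost>
```

With this in place the Java code would open `http://127.0.0.1:8080/somegateway/xyz.dll` through a plain `openConnection()` call with no `Proxy` object, so Java 6's TLS 1.0 stack is never involved in the connection to the real server.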
At the client I'm currently working for, we've recently upgraded from Java 6 to Java 7, and one of the main reasons to do so was because we needed TLSv1.2 support.
It might be easier to upgrade the Java version than to try all kinds of complicated setups to get it working. Java 6 (and even Java 7) have already been end-of-life for a while (Oracle does not provide any bug fixes and security updates anymore, unless you pay them), so it would be best to upgrade to Java 8, the currently supported Java version.