Java security/network team has implemented new TLS 1.2 features, which is available in JDK7 b118, deploymnet could use these new APIs and added feature to make code more robust. The following are items we should consider to implement:

In the TLS12 implementation, we address the following features:
F1. support public API to enable hostname verification during handshaking
F2. support TLS 1.2
F3. disable weak algorithms
F4. support TLS Server Name Indication (SNI) extension.

Besides switch to use new X509ExtendedTrustManager, the deploy code may also need to pay attention to other updates as well.

F1. support public API to enable hostname verification during handshaking
We add new X509ExtendedTrustManager. For deploy code, it is OK to replace the old one with the new X509ExtendedTrustManager. However, because of TLS 1.2 and weak algorithms checking, the logic will be a lot complex. Another alternative way is switch to use the HostnameVerifier, the difference is that the HostnameVerifier will be get called during handshaking rather than after the handshaking. But I'm not sure whether the deploy code is able to get the SSLSocket handle or not.

F2. support TLS 1.2.
TLS 1.2 need to select the key and trusted certificate according to new rules. I think it may have impact on deploy code dialog when select key or certificates.

F3. disable weak algorithm
We enable more flexible to disable weak algorithms, and TLS 1.2 may also want to customize what types of algorithms are support or not.