-
Sub-task
-
Resolution: Delivered
-
P4
-
6u121
-
Verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8174737 | 6u115 | Owen Stuart | P4 | Closed | Delivered | b32 |
TLS v1.2 is now a TLS protocol option with the release of JDK 6u121. By default, TLSv1.0 will remain the default enabled protocol on client sockets.
As an example, both the TLSv1.1 and TLSv1.2 protocols can be enabled for use on SSL/TLS connections via `SSLSocket/SSLEngine/SSLServerSocket`APIs:
```
e.g.
sslSocket.setEnabledProtocols(new String[] { "TLSv1.1", "TLSv1.2"});
or by setting up and using a TLSv1.2 based SSLContext :
e.g.
SSLContext ctx = SSLContext.getInstance("TLSv1.2");
or by using the SSLParameters API
e.g.
sslParameters.setProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
```
The new `jdk.tls.client.protocols` System Property may also be used to control the protocols in use for a TLS connection. JDK-8151183
One may launch their application with this property. E.g. `java -Djdk.tls.client.protocols="TLSv1.2"` will enable only TLSv1.2 on client SSLSockets.
Note that protocol versions specified via the new `jdk.tls.client.protocols` property will suppress any value set via the `jdk.tls.client.enableSSLv2Hello` property. SSLv2Hello can be passed to the `jdk.tls.client.protocols` value if necessary."
As an example, both the TLSv1.1 and TLSv1.2 protocols can be enabled for use on SSL/TLS connections via `SSLSocket/SSLEngine/SSLServerSocket`APIs:
```
e.g.
sslSocket.setEnabledProtocols(new String[] { "TLSv1.1", "TLSv1.2"});
or by setting up and using a TLSv1.2 based SSLContext :
e.g.
SSLContext ctx = SSLContext.getInstance("TLSv1.2");
or by using the SSLParameters API
e.g.
sslParameters.setProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
```
The new `jdk.tls.client.protocols` System Property may also be used to control the protocols in use for a TLS connection. JDK-8151183
One may launch their application with this property. E.g. `java -Djdk.tls.client.protocols="TLSv1.2"` will enable only TLSv1.2 on client SSLSockets.
Note that protocol versions specified via the new `jdk.tls.client.protocols` property will suppress any value set via the `jdk.tls.client.enableSSLv2Hello` property. SSLv2Hello can be passed to the `jdk.tls.client.protocols` value if necessary."
- backported by
-
-
- Closed
-