
openjdk team mailing list archive

[Bug 1314113] Re: TLS 1.1 and 1.2 are disabled by default

 

For completeness, the Java Cryptography Architecture Oracle Providers
Documentation
(http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html)
documents the behavior:

    Although SunJSSE in the Java SE 7 release supports
    TLS 1.1 and TLS 1.2, neither version is enabled by
    default for client connections. Some servers do not
    implement forward compatibility correctly and refuse
    to talk to TLS 1.1 or TLS 1.2 clients. For interoperability,
    SunJSSE does not enable TLS 1.1 or TLS 1.2 by default
    for client connections.

However, in 2014, it's no longer a valid reason.

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-7 in Ubuntu.
https://bugs.launchpad.net/bugs/1314113

Title:
  TLS 1.1 and 1.2 are disabled by default

Status in “openjdk-7” package in Ubuntu:
  New

Bug description:
  OpenJDK-7 disables TLS 1.1 and 1.2 by default. It might be a good idea
  to enable them. The past interop issues are rarely encountered in
  2014.

  The program below only prints "TLSv1" even though I expected to see
  "TLSv1", "TLSv1.1" and "TLSv1.2". In fact, the protocols are available
  - they are just not enabled by default.

  And "no comment" on why I'm getting "SSLv3" when I asked for "TLS".
  That will get its own bug report.

  $ javac ProtocolTest.java && java ProtocolTest
  Supported Protocols: 5
    SSLv2Hello
    SSLv3
    TLSv1
    TLSv1.1
    TLSv1.2
  Enabled Protocols: 2
    SSLv3
    TLSv1

  **********

  Ubuntu 14.04 (x64), fully patched:

  $ uname -a
  Linux ubuntu 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

  **********

  $ java -version
  java version "1.7.0_51"
  OpenJDK Runtime Environment (IcedTea 2.4.6) (7u51-2.4.6-1ubuntu4)
  OpenJDK 64-Bit Server VM (build 24.51-b03, mixed mode)

  **********

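  import javax.net.ssl.SSLContext;
  import javax.net.ssl.SSLSocket;
  import javax.net.ssl.SSLSocketFactory;

  public class ProtocolTest
  {
    public static void main(String[] args) throws Exception
    {
      // Default "TLS" context with default key managers, trust managers and RNG
      SSLContext context = SSLContext.getInstance("TLS");
      context.init(null,null,null);

      SSLSocketFactory factory = (SSLSocketFactory)context.getSocketFactory();
      // Unconnected socket: enough to query the protocol lists
      SSLSocket socket = (SSLSocket)factory.createSocket();

      // Everything the provider is able to negotiate
      String[] protocols = socket.getSupportedProtocols();

      System.out.println("Supported Protocols: " + protocols.length);
      for(int i = 0; i < protocols.length; i++)
      {
           System.out.println("  " + protocols[i]);
      }

      // What a client socket will actually offer by default
      protocols = socket.getEnabledProtocols();

      System.out.println("Enabled Protocols: " + protocols.length);
      for(int i = 0; i < protocols.length; i++)
      {
           System.out.println("  " + protocols[i]);
      }
    }
  }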
