openjdk team mailing list archive
-
openjdk team
-
Mailing list archive
-
Message #10105
[Bug 1314113] Re: TLS 1.1 and 1.2 are disabled by default
For completeness, the Java Cryptography Architecture Oracle Providers
Documentation
(http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html)
documents the behavior:
Although SunJSSE in the Java SE 7 release supports
TLS 1.1 and TLS 1.2, neither version is enabled by
default for client connections. Some servers do not
implement forward compatibility correctly and refuse
to talk to TLS 1.1 or TLS 1.2 clients. For interoperability,
SunJSSE does not enable TLS 1.1 or TLS 1.2 by default
for client connections.
However, in 2014, its no longer a valid reason.
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-7 in Ubuntu.
https://bugs.launchpad.net/bugs/1314113
Title:
TLS 1.1 and 1.2 are disabled by default
Status in “openjdk-7” package in Ubuntu:
New
Bug description:
OpenJDK-7 disables TLS 1.1 and 1.2 by default. It might be a good idea
to enable them. The past interop issues are rarely encountered in
2014.
The program below only prints "TLSv1" even though I expected to see
"TLSv1", "TLSv1.1" and "TLSv1.2". In fact, the protocols are available
- they are just not enabled by default.
And "no comment" on why I'm getting "SSLv3" when I asked for "TLS".
That will get its own bug report.
$ javac ProtocolTest.java && java ProtocolTest
Supported Protocols: 5
SSLv2Hello
SSLv3
TLSv1
TLSv1.1
TLSv1.2
Enabled Protocols: 2
SSLv3
TLSv1
**********
Ubuntu 14.04 (x64), fully patched:
$ uname -a
Linux ubuntu 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
**********
$ java -version
java version "1.7.0_51"
OpenJDK Runtime Environment (IcedTea 2.4.6) (7u51-2.4.6-1ubuntu4)
OpenJDK 64-Bit Server VM (build 24.51-b03, mixed mode)
**********
SSLContext context = SSLContext.getInstance("TLS");
context.init(null,null,null);
SSLSocketFactory factory = (SSLSocketFactory)context.getSocketFactory();
SSLSocket socket = (SSLSocket)factory.createSocket();
String[] protocols = socket.getSupportedProtocols();
System.out.println("Supported Protocols: " + protocols.length);
for(int i = 0; i < protocols.length; i++)
{
System.out.println(" " + protocols[i]);
}
protocols = socket.getEnabledProtocols();
System.out.println("Enabled Protocols: " + protocols.length);
for(int i = 0; i < protocols.length; i++)
{
System.out.println(" " + protocols[i]);
}
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1314113/+subscriptions
References