JDK-6976117 : SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 1.4.0,7
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2010-08-11
  • Updated: 2017-05-19
  • Resolved: 2011-06-22
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
7 b140Fixed
Related Reports
Duplicate :  
Relates :  
Relates :  
Relates :  
Relates :  
Relates :  
This is a problem which we should address in TLS 1.2, but applies to 1.1.

If an app wants to be a *CLIENT* and calls:


we're currently going to be returning an instance which won't have TLSv1.1 enabled by default.  While technically ok by the Javadoc, I think we need to change that or we're going to have some surprised developers.

Probably the easiest is extend SSLContextImpl with SSLv3, TLS1, TLSv1.1, and TLSv1.2 variants:

    public class TLSv11ContextImpl extends SSLContextImpl {

and then update SunJSSE to recognize it:


Then on creation of the SSLContextImpl, we enable the protocol by default.

    return new SSLSocketFactoryImpl(this,
        new String[] { "TLSv1.1", ...other suitable defaults...);
Need to integrate the update of CR 4619276 with this (to add a getDefaultProtocols/getSupportedProtocols to factories).

EVALUATION See description.

SUGGESTED FIX See comments.