JDK-6976117 : SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 1.4.0,7
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2010-08-11
  • Updated: 2017-05-19
  • Resolved: 2011-06-22
JDK 7: 7 b140 (Fixed)
Description
This is a problem which we should address in TLS 1.2, but applies to 1.1.

If an app wants to be a *CLIENT* and calls:

    SSLContext.getInstance("TLSv1.1");

we're currently going to be returning an instance which won't have TLSv1.1 enabled by default.  While technically ok by the Javadoc, I think we need to change that or we're going to have some surprised developers.

Probably the easiest is to extend SSLContextImpl with SSLv3, TLS1, TLSv1.1, and TLSv1.2 variants:

    public class TLSv11ContextImpl extends SSLContextImpl {

and then update SunJSSE to recognize it:

        put("SSLContext.TLSv1.1",
            "sun.security.ssl.TLSv11ContextImpl");

Then on creation of the SSLContextImpl, we enable the protocol by default.

    return new SSLSocketFactoryImpl(this,
        new String[] { "TLSv1.1", ...other suitable defaults... });

Need to integrate the update of CR 4619276 with this (to add a getDefaultProtocols/getSupportedProtocols to factories).
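
The mismatch this report describes (a context requested by protocol name whose sockets and engines do not enable that protocol by default) can be checked from application code. The following is an added example, not code from the JDK or from this bug report; the class `ProtocolDefaultsCheck` and its two helper methods are hypothetical names, it uses only the public `javax.net.ssl` API, and it defaults to `TLSv1.2` when no protocol name is passed on the command line.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;
import java.util.List;

// Hypothetical helper class (added example): compares the protocol named in
// SSLContext.getInstance() with what the resulting engine actually enables.
public class ProtocolDefaultsCheck {

    /** True if the context enables the requested protocol without further configuration. */
    static boolean enabledByDefault(SSLContext ctx, String protocol) {
        return Arrays.asList(ctx.getDefaultSSLParameters().getProtocols()).contains(protocol);
    }

    /** Returns a client-mode engine restricted to exactly one protocol, or fails loudly. */
    static SSLEngine pinnedClientEngine(SSLContext ctx, String protocol) {
        List<String> supported = Arrays.asList(ctx.getSupportedSSLParameters().getProtocols());
        if (!supported.contains(protocol)) {
            throw new IllegalStateException(protocol + " is not supported by " + ctx.getProvider());
        }
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);
        // Do not rely on the context name: state the enabled protocol set explicitly.
        engine.setEnabledProtocols(new String[] { protocol });
        return engine;
    }

    public static void main(String[] args) throws Exception {
        String protocol = args.length > 0 ? args[0] : "TLSv1.2";
        SSLContext ctx = SSLContext.getInstance(protocol);
        ctx.init(null, null, null); // default key managers, trust managers and SecureRandom

        SSLEngine plain = ctx.createSSLEngine();
        plain.setUseClientMode(true);
        System.out.println("requested          : " + protocol);
        System.out.println("enabled by default : " + Arrays.toString(plain.getEnabledProtocols()));
        System.out.println("requested enabled? : " + enabledByDefault(ctx, protocol));

        SSLEngine pinned = pinnedClientEngine(ctx, protocol);
        System.out.println("after pinning      : " + Arrays.toString(pinned.getEnabledProtocols()));
    }
}
```

A `false` on the third line of output is the condition this report describes: the context was requested by protocol name, but a client created from it will not offer that protocol unless `setEnabledProtocols` is called.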

Comments
EVALUATION See description.
12-08-2010

SUGGESTED FIX See comments.
11-08-2010