JDK-8151298 : Release Note: TLS v1.2 support now available
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 6u121
  • Priority: P4
  • Status: Closed
  • Resolution: Delivered
  • Submitted: 2016-03-04
  • Updated: 2017-02-27
  • Resolved: 2016-06-23
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6
6u115Resolved
Description
TLS v1.2 is now a TLS protocol option with the release of JDK 6u121. By default, TLSv1.0 will remain the default enabled protocol on client sockets.

As an example, both the TLSv1.1 and TLSv1.2 protocols can be enabled for use on SSL/TLS connections via `SSLSocket/SSLEngine/SSLServerSocket`APIs: 

```
e.g. 
sslSocket.setEnabledProtocols(new String[] { "TLSv1.1", "TLSv1.2"}); 
 or by setting up and using a TLSv1.2 based SSLContext : 
e.g. 
SSLContext ctx = SSLContext.getInstance("TLSv1.2");
or by using the SSLParameters API 
e.g. 
sslParameters.setProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
```

The new `jdk.tls.client.protocols` System Property may also be used to control the protocols in use for a TLS connection. JDK-8151183
One may launch their application with this property. E.g. `java -Djdk.tls.client.protocols="TLSv1.2"` will enable only TLSv1.2 on client SSLSockets.

Note that protocol versions specified via the new `jdk.tls.client.protocols` property will suppress any value set via the `jdk.tls.client.enableSSLv2Hello` property. SSLv2Hello can be passed to the `jdk.tls.client.protocols` value if necessary."

Comments
Perhaps we should clarify that the new system property jdk.tls.client.protocols does not have any default value set out of the box.
20-05-2016

Added the following text from JDK-8153198 to the end of the description: "Note that protocol versions specified via the new jdk.tls.client.protocols property will suppress any value set via the jdk.tls.client.enableSSLv2Hello property. SSLv2Hello can be passed to the jdk.tls.client.protocols value if necessary." Please review and modify as needed.
06-05-2016

The text change will be added to the July Release Notes.
04-05-2016

Please make sure the control panel changes are documented (see: https://bugs.openjdk.java.net/browse/JDK-8149377)
29-04-2016

Will add it to the 6u121 Release Notes.
22-04-2016

Incorporated in Release Notes
21-04-2016