Bug ID: JDK-8245077 Release Note: Default SSLEngine Should Create in Server Role

Type: Sub-task
Component: security-libs
Sub-Component: javax.net.ssl
Affected Version: 8u261,11.0.8-oracle,14.0.2,15

Priority: P3
Status: Closed
Resolution: Delivered

Submitted: 2020-05-15
Updated: 2022-06-25
Resolved: 2021-12-02

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 11	JDK 14	JDK 15	JDK 8
11.0.8-oracleResolved	14.0.2Resolved	15Resolved	8u261Resolved

In JDK 11 and later, `javax.net.ssl.SSLEngine` by default used client mode when handshaking. As a result, the set of default enabled protocols may differ to what is expected. `SSLEngine` would usually be used in server mode. From this JDK release onwards, `SSLEngine` will default to server mode. The `javax.net.ssl.SSLEngine.setUseClientMode(boolean mode)` method may be used to configure the mode.