JDK-8256660 : Disable DTLS 1.0
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2020-11-19
  • Updated: 2024-04-16
  • Resolved: 2022-10-31
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 17 JDK 20
11.0.24-oracleFixed 17.0.12-oracleFixed 20 b22Fixed
Related Reports
CSR :  
JDK-8280507 - Disable DTLS 1.0
Relates :  
JDK-8301381 - Verify DTLS 1.0 cannot be negotiated
Relates :  
JDK-8202343 - Disable TLS 1.0 and 1.1
Relates :  
JDK-8296820 - Add implementation note to SSLContext.getInstance noting subsequent behavior if protocol is disabled
Sub Tasks
JDK-8296134 :  
Release Note: Disabled DTLS 1.0 - Resolved
Description
Disable DTLS 1.0 by default. This version of DTLS has weakened over time and lacks support for stronger cipher suites. DTLS 1.0 correlates with version 1.1 of TLS which has already been disabled by default in JDK 16. The IETF has deprecated this version of DTLS (along with TLS 1.0 and 1.1) in RFC 8996:  https://www.rfc-editor.org/rfc/rfc8996.html
Comments
Fix request [11u.17u] I backport this for parity with 11.0.24-oracle,17.0.12-oracle. Limited risk besides the obvious incompatibility. Clean backport to 17, trivial resolve due to context in 11, maybe even clean. CSR availbale. 11 needed test adaptions. Test passes. SAP nightly testing passes.
15-04-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk11u-dev/pull/2584 Date: 2024-03-07 13:54:22 +0000
07-03-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-dev/pull/2272 Date: 2024-03-07 13:23:02 +0000
07-03-2024
Changeset: 16744b34 Author: Sean Mullan <mullan@openjdk.org> Date: 2022-10-31 16:46:40 +0000 URL: https://git.openjdk.org/jdk/commit/16744b34498e7aac59caef8c9b1a3d4d15f8c22e
31-10-2022
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/10905 Date: 2022-10-28 17:00:12 +0000
28-10-2022