JDK-8273413 : SunJSSE Provider protocol list out of date
  • Type: Bug
  • Component: docs
  • Sub-Component: guides
  • Affected Version: 8,11,16
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2021-08-31
  • Updated: 2021-11-24
  • Resolved: 2021-11-19
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 8
11.0.14-oracleFixed 8u321 b06Fixed
Related Reports
Relates :  
JDK-8202343 - Disable TLS 1.0 and 1.1
Description
A DESCRIPTION OF THE PROBLEM :
In 8 the 'Protocols' item under SunJSSE in SunProviders notes that in 8u31 up SSLv3 is disabled by security property, but lists TLSv1 (meaning 1.0) and TLSv1.1 as enabled and does not note that in 8u291 up they are similarly disabled. (The Customizing section in JSSERefGuide _does_ show this and other recent changes to jdk.tls.disabledAlgorithms if you know to look there.)

Similarly in 11 the 'SunJSSE Provider Protocol Parameters' item under SunJSSE in oracle-providers shows SSLv3 as disabled but not TLSv1 and TLSv1.1 which are disabled in 11.0.11 up; this one links to the Customizing section in java-secure-socket-extension-jsse-reference-guide which does show this. And similarly in 16 where 1.0 and 1.1 are disabled in _all_ updates (including '16.0.0').
Comments
11u backport notice I flagged this as not applicaple for 11u because it is a change to Oracle documentation that is publicly visible. There is no 'open' copy of this documentation. Probably tag openjdk-na would be more appropriate :)
29-10-2021
The JSSE Reference Guide and JDK Providers Guide need to be updated with additional changes now that TLS v1.0 and TLS v1.1 are disabled by default.
07-09-2021
Moved to JDK to investigate the listed protocols in the following documents: https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider https://docs.oracle.com/en/java/javase/11/security/oracle-providers.html#GUID-7093246A-31A3-4304-AC5F-5FB6400405E2 https://docs.oracle.com/en/java/javase/16/security/oracle-providers.html#GUID-7093246A-31A3-4304-AC5F-5FB6400405E2
07-09-2021