JDK-8282859 : Release Note: Enable TLSv1.3 by Default on JDK 8 for Client Roles
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 8u341
  • Priority: P4
  • Status: Resolved
  • Resolution: Delivered
  • Submitted: 2022-03-09
  • Updated: 2022-08-26
  • Resolved: 2022-03-11
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8
8u341Resolved
Description
The TLSv1.3 implementation is now enabled by default for client roles in 8u341. It has been enabled by default for server roles since 8u261. You can find more details in the [Additional Information section](https://java.com/en/configure_crypto.html#EnableTLSv13) of the [Oracle JRE and JDK Cryptographic Roadmap](https://java.com/en/jre-jdk-cryptoroadmap.html).

Note that TLS 1.3 is not directly compatible with previous versions. Enabling it on the client may introduce compatibility issues on either the server or the client side. Here are some more details on potential compatibility issues that you should be aware of:

 - TLS 1.3 uses a half-close policy, while TLS 1.2 and prior versions use a duplex-close policy. For applications that depend on the duplex-close policy, there may be compatibility issues when upgrading to TLS 1.3.

 - The signature_algorithms_cert extension requires that pre-defined signature algorithms are used for certificate authentication. In practice, however, an application may use non-supported signature algorithms.

 - The DSA signature algorithm is not supported in TLS 1.3. If a server is configured to only use DSA certificates, it cannot upgrade to TLS 1.3.

 - The supported cipher suites for TLS 1.3 are not the same as TLS 1.2 and prior versions. If an application hard-codes cipher suites which are no longer supported, it may not be able to use TLS 1.3 without modifying the application code, for example TLS_AES_128_GCM_SHA256 (1.3 and later) versus TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (1.2 and earlier).

 - The TLS 1.3 session resumption and key update behaviors are different from TLS 1.2 and prior versions. The compatibility should be minimal, but it could be a risk if an application depends on the handshake details of the TLS protocols.

 - TLS 1.3 requires that the implementation support new cryptographic algorithms which previous versions of TLS did not, such as RSASSA-PSS. If your application is configured to use 3rd party JCE provider(s) which do not support the required algorithms, you may get handshake failures.