TLS 1.1 and 1.2 are disabled by default
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openjdk-7 (Ubuntu) | Confirmed | Undecided | Unassigned | |
Bug Description
OpenJDK-7 disables TLS 1.1 and 1.2 by default. It might be a good idea to enable them. The past interop issues are rarely encountered in 2014.
The program below only prints "TLSv1" even though I expected to see "TLSv1", "TLSv1.1" and "TLSv1.2". In fact, the protocols are available - they are just not enabled by default.
And "no comment" on why I'm getting "SSLv3" when I asked for "TLS". That will get its own bug report.
$ javac ProtocolTest.java && java ProtocolTest
Supported Protocols: 5
SSLv2Hello
SSLv3
TLSv1
TLSv1.1
TLSv1.2
Enabled Protocols: 2
SSLv3
TLSv1
**********
Ubuntu 14.04 (x64), fully patched:
$ uname -a
Linux ubuntu 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
**********
$ java -version
java version "1.7.0_51"
OpenJDK Runtime Environment (IcedTea 2.4.6) (7u51-2.
OpenJDK 64-Bit Server VM (build 24.51-b03, mixed mode)
**********
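import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class ProtocolTest {
    public static void main(String[] args) throws Exception {
        // Request the generic "TLS" context with default key and trust managers
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, null, null);
        SSLSocketFactory factory = (SSLSocketFactory) context.getSocketFactory();
        // Unconnected socket; only used to query the protocol lists
        SSLSocket socket = (SSLSocket) factory.createSocket();
        String[] protocols = socket.getSupportedProtocols();
        System.out.println("Supported Protocols: " + protocols.length);
        for(int i = 0; i < protocols.length; i++)
        {
            System.out.println(" " + protocols[i]);
        }
        protocols = socket.getEnabledProtocols();
        System.out.println("Enabled Protocols: " + protocols.length);
        for(int i = 0; i < protocols.length; i++)
        {
            System.out.println(" " + protocols[i]);
        }
    }
}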
For completeness, the Java Cryptography Architecture Oracle Providers Documentation (http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html) documents the behavior:
Although SunJSSE in the Java SE 7 release supports
TLS 1.1 and TLS 1.2, neither version is enabled by
default for client connections. Some servers do not
implement forward compatibility correctly and refuse
to talk to TLS 1.1 or TLS 1.2 clients. For interoperability,
SunJSSE does not enable TLS 1.1 or TLS 1.2 by default
for client connections.
However, in 2014, it's no longer a valid reason.
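Until the defaults change, a client can opt in per socket, because the report shows TLS 1.1 and 1.2 are supported but not enabled. The following is an added example, not code from the bug report or from OpenJDK; the class name `EnableModernTls` and the `WANTED` policy list are assumptions chosen for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class EnableModernTls {
    // Protocols this client is willing to negotiate (assumed policy for the example).
    static final List<String> WANTED = Arrays.asList("TLSv1.2", "TLSv1.1", "TLSv1");

    // Return the wanted protocols that the provider actually supports, in preference order.
    static String[] selectProtocols(String[] supported) {
        List<String> available = Arrays.asList(supported);
        List<String> chosen = new ArrayList<String>();
        for (String p : WANTED) {
            if (available.contains(p)) {
                chosen.add(p);
            }
        }
        // Fail closed rather than silently falling back to the provider defaults.
        if (chosen.isEmpty()) {
            throw new IllegalStateException("No wanted TLS version is supported: " + available);
        }
        return chosen.toArray(new String[chosen.size()]);
    }

    public static void main(String[] args) throws Exception {
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, null, null);
        SSLSocketFactory factory = context.getSocketFactory();
        // Unconnected socket: enough to inspect and change the protocol list offline.
        SSLSocket socket = (SSLSocket) factory.createSocket();
        try {
            System.out.println("Default enabled: " + Arrays.toString(socket.getEnabledProtocols()));
            // Must be called before the handshake. It replaces the default list entirely,
            // so SSLv3 and SSLv2Hello are dropped unless they appear in WANTED.
            socket.setEnabledProtocols(selectProtocols(socket.getSupportedProtocols()));
            System.out.println("Now enabled:     " + Arrays.toString(socket.getEnabledProtocols()));
        } finally {
            socket.close();
        }
    }
}
```

The same `setEnabledProtocols` call applies to an `SSLEngine` or `SSLServerSocket`; code that obtains sockets through a library needs a wrapping `SSLSocketFactory` that applies the list to every socket it creates.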