[8u, 11u] Disabling TLS 1.0/1.1 in 8u292/11.0.11 ?
Volker Simonis
volker.simonis at gmail.com
Thu Nov 19 13:00:36 UTC 2020
On Thu, Nov 19, 2020 at 1:53 PM Langer, Christoph
<christoph.langer at sap.com> wrote:
>
> Hi Volker,
>
> speaking for 11u: I would think so. Unless somebody has really good reasons not to follow Oracle here.
>
> After all, if somebody would have issues with that after April, there would always be the fallback to turn it back on via java.security. So I see the risk as quite acceptable.
>
Thanks Christoph, that pretty much exactly matches my point of view :)
> Best regards
> Christoph
>
> > -----Original Message-----
> > From: jdk-updates-dev <jdk-updates-dev-retn at openjdk.java.net> On
> > Behalf Of Volker Simonis
> > Sent: Donnerstag, 19. November 2020 11:10
> > To: jdk8u-dev <jdk8u-dev at openjdk.java.net>; jdk-updates-dev <jdk-
> > updates-dev at openjdk.java.net>
> > Subject: [8u, 11u] Disabling TLS 1.0/1.1 in 8u292/11.0.11 ?
> >
> > Hi 8u/11u maintainers,
> >
> > Oracle has announced in their "Cryptographic Roadmap" [1] that they
> > will disable TLS 1.0/1.1 in Oracle jdk 7,8,11 by 2021-04-20 and in jdk
> > 16 by 2021-03-16. A change/csr for jdk 16 [2,3] is currently under
> > review [4].
> >
> > Do you plan to do the same for 8u292 and 11.0.11 in April 2021?
> >
> > Thank you and best regards,
> > Volker
> >
> > [1] https://java.com/en/jre-jdk-cryptoroadmap.html
> > [2] https://bugs.openjdk.java.net/browse/JDK-8202343
> > [3] https://bugs.openjdk.java.net/browse/JDK-8254713
> > [4] https://github.com/openjdk/jdk/pull/1235
More information about the jdk-updates-dev
mailing list