[8u, 11u] Disabling TLS 1.0/1.1 in 8u292/11.0.11 ?
Bernd Eckenfels
ecki at zusammenkunft.net
Thu Nov 19 19:54:37 UTC 2020
Hello,
I don’t really understand why this has to be disabled. I can somewhat understand why the protocols are removed from the default context (however removing it from tlsv1 seems odd). But disabling it means you cannot programmatically turn it on...
I think the common understanding is, that tls1.1 is not optimal and hard to configure well, but it is not considered broken, or?
We encounter quite a few customers who would have to modify the JDK installation in that case. Can it be de-disabled (new word!) as a system property, maybe?
Gruss
Bernd
--
http://bernd.eckenfels.net
________________________________
Von: jdk8u-dev <jdk8u-dev-retn at openjdk.java.net> im Auftrag von Langer, Christoph <christoph.langer at sap.com>
Gesendet: Thursday, November 19, 2020 1:53:46 PM
An: Volker Simonis <volker.simonis at gmail.com>; jdk8u-dev <jdk8u-dev at openjdk.java.net>; jdk-updates-dev <jdk-updates-dev at openjdk.java.net>
Betreff: RE: [8u, 11u] Disabling TLS 1.0/1.1 in 8u292/11.0.11 ?
Hi Volker,
speaking for 11u: I would think so. Unless somebody has really good reasons not to follow Oracle here.
After all, if somebody would have issues with that after April, there would always be the fallback to turn it back on via java.security. So I see the risk as quite acceptable.
Best regards
Christoph
> -----Original Message-----
> From: jdk-updates-dev <jdk-updates-dev-retn at openjdk.java.net> On
> Behalf Of Volker Simonis
> Sent: Donnerstag, 19. November 2020 11:10
> To: jdk8u-dev <jdk8u-dev at openjdk.java.net>; jdk-updates-dev <jdk-
> updates-dev at openjdk.java.net>
> Subject: [8u, 11u] Disabling TLS 1.0/1.1 in 8u292/11.0.11 ?
>
> Hi 8u/11u maintainers,
>
> Oracle has announced in their "Cryptographic Roadmap" [1] that they
> will disable TLS 1.0/1.1 in Oracle jdk 7,8,11 by 2021-04-20 and in jdk
> 16 by 2021-03-16. A change/csr for jdk 16 [2,3] is currently under
> review [4].
>
> Do you plan to do the same for 8u292 and 11.0.11 in April 2021?
>
> Thank you and best regards,
> Volker
>
> [1] https://java.com/en/jre-jdk-cryptoroadmap.html
> [2] https://bugs.openjdk.java.net/browse/JDK-8202343
> [3] https://bugs.openjdk.java.net/browse/JDK-8254713
> [4] https://github.com/openjdk/jdk/pull/1235
More information about the jdk8u-dev
mailing list