OT: Reason TLS 1.1 & 1.2 off by default
Jeff Palmer
jcpalmer at rochester.rr.com
Mon May 14 13:51:24 PDT 2012
There might be a better place to bring this up, but I do not understand why TLS 1.1 & 1.2 are not enabled by default in the Java Control Panel. This is not just the Mac port.
After the demo last September that SSL 3.0 might be defeate-able, 1.6.29 or 30 came out which added TLS 1.1 & 1.2 to Java 6, something that was already in Java 7. Browser makers started to work on the newer protocols from the client side. Jetty and possibly others servers started putting out releases which allowed protocols be prioritized or even turned off.
No average user is ever going to turn this on themselves. I can fully see not turning SSL 3.0 and TLS 1.0 off (but I have tested this), but not a reason to not turn these on.
More information about the macosx-port-dev
mailing list