Integrated: 8202343: Disable TLS 1.0 and 1.1

Sean Mullan mullan at
Thu Nov 19 14:19:09 UTC 2020

On Mon, 16 Nov 2020 20:18:16 GMT, Sean Mullan <mullan at> wrote:

> This change disables the TLSv1 and TLSv1.1 protocols by adding them to the jdk.tls.disabledAlgorithms security property in the file. These protocols use weak algorithms and are being deprecated by the IETF. They should be disabled by default to improve the default security configuration of the JDK. See the CSR for more rationale:
> The fix mostly involves changes to existing tests that for one reason or another depend on the TLSv1 and TLSv1.1 protocols being enabled. There is a new test specifically for this issue: test/jdk/sun/security/ssl/SSLContextImpl/

This pull request has now been integrated.

Changeset: 3a4b90f0
Author:    Sean Mullan <mullan at>
Stats:     396 lines in 21 files changed: 273 ins; 97 del; 26 mod

8202343: Disable TLS 1.0 and 1.1

Reviewed-by: xuelei, dfuchs, coffeys



More information about the security-dev mailing list