Start of changes for service refresh 6 fix pack 25

Enabling TLS 1.3

From service refresh 6, fix pack 25 onwards, the SDK includes an implementation of the Transport Layer Security (TLS) 1.3 specification (RFC 8446).

Before service refresh 7, fix pack 15, TLS 1.3 was disabled for the default SSLContext (SSL or TLS) at the client endpoint and on the server. To enable the TLS 1.3 protocol on the server, you had to use the jdk.tls.server.protocols system property.

From service refresh 7, fix pack 15 onwards, TLS 1.3 is enabled for the default SSLContext (TLS) at the client endpoint and on the server. When the default SSLContext is used now, TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3 are enabled.

For more information about the available protocols, see the Protocols topic.

Protocols can be managed by setting jdk.tls.disabledAlgorithms. For more information, see the Customization topic.

Examples of how to manage the TLS protocol at the client endpoint include the following:

  • Specify the supported protocols of an existing connection with the SSLSocket.setEnabledProtocols method:
    sslSocket.setEnabledProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
  • Specify protocols when creating SSLContext:
    SSLContext ctx = SSLContext.getInstance("TLSv1.2");
  • Specify the supported protocols with the SSLParameters.setProtocols method:
    sslParameters.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
  • Specify the supported protocols for client SSLSockets with the jdk.tls.client.protocols system property:
    java -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2" MyApplication
  • Specify the supported protocols for connections obtained through HttpsURLConnection or the method URL.openStream with the https.protocols system property:
    java -Dhttps.protocols="TLSv1.3,TLSv1.2" MyApplication
Notes:

TLS 1.3 requires the IBMJCEPlus provider.

TLS 1.3 is not directly compatible with previous versions. Although TLS 1.3 can be implemented with a backward-compatibility mode, there are still several compatibility risks to consider when upgrading to TLS 1.3:
  • TLS 1.3 uses a half-close policy, while TLS 1.2 and earlier use a duplex-close policy. For applications that depend on the duplex-close policy, there might be compatibility issues when upgrading to TLS 1.3.
  • The signature_algorithms_cert extension requires that pre-defined signature algorithms are used for certificate authentication. In practice, however, an application might use unsupported signature algorithms.
  • The DSA signature algorithm is not supported in TLS 1.3. If a server is configured to only use DSA certificates, it cannot negotiate a TLS 1.3 connection.
  • The supported cipher suites for TLS 1.3 are not the same as those for TLS 1.2 and earlier. If an application hardcodes cipher suites that are no longer supported, it might not be able to use TLS 1.3 without modifications to its code; for example, SSL_AES_128_GCM_SHA256 (TLS 1.3 and later) versus SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA (TLS 1.2 and earlier). For a list of cipher suites, see Cipher suites.
  • The TLS 1.3 session resumption and key update behaviors are different from TLS 1.2 and earlier. The compatibility impact should be minimal, but it could be a risk if an application depends on the handshake details of the TLS protocols.
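The following program is an added example, not code from the IBM SDK documentation. It ties together the client-side protocol controls listed above (SSLParameters.setProtocols on a socket created from the default SSLContext) with the cipher-suite caveat in the notes: a hard-coded suite list is filtered against what the runtime actually supports before the handshake, so that a legacy name cannot silently prevent TLS 1.3 from being negotiated. It assumes a host name (and optionally a port) is passed on the command line; the suite list HARDCODED_SUITES is a constructed sample that reuses the two names from this page plus one legacy suite.

```java
import javax.net.ssl.*;
import java.util.*;

// Added example (not IBM SDK documentation code): restrict a client SSLSocket to
// TLS 1.3/1.2, drop hard-coded cipher suites the runtime no longer offers, and
// report which protocol and suite were actually negotiated.
public class TlsClientCheck {

    // Protocols the application is willing to use.
    static final String[] WANTED_PROTOCOLS = { "TLSv1.3", "TLSv1.2" };

    // Constructed sample of a hard-coded suite list: a TLS 1.3 suite, a TLS 1.2
    // suite and a legacy suite that current runtimes typically do not support.
    static final String[] HARDCODED_SUITES = {
        "SSL_AES_128_GCM_SHA256",
        "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "SSL_RSA_WITH_RC4_128_MD5"
    };

    // Keeps only the entries of 'wanted' that appear in 'supported', preserving
    // the order of 'wanted'. Used for both protocol and cipher-suite names.
    static String[] intersect(String[] wanted, String[] supported) {
        Set<String> ok = new HashSet<>(Arrays.asList(supported));
        List<String> out = new ArrayList<>();
        for (String w : wanted) {
            if (ok.contains(w)) {
                out.add(w);
            } else {
                System.err.println("dropping entry not supported by this runtime: " + w);
            }
        }
        return out.toArray(new String[0]);
    }

    // Applies the protocol and suite restrictions before the handshake starts.
    static void configure(SSLSocket socket) {
        SSLParameters p = socket.getSSLParameters();
        String[] protocols = intersect(WANTED_PROTOCOLS, socket.getSupportedProtocols());
        String[] suites = intersect(HARDCODED_SUITES, socket.getSupportedCipherSuites());
        if (protocols.length == 0 || suites.length == 0) {
            throw new IllegalStateException("no usable protocol or cipher suite in this runtime");
        }
        p.setProtocols(protocols);
        p.setCipherSuites(suites);
        p.setEndpointIdentificationAlgorithm("HTTPS"); // enable host name verification
        socket.setSSLParameters(p);
    }

    public static void main(String[] args) throws Exception {
        // "TLS" is the default context; as described above, which protocols it
        // enables depends on the fix pack level and on jdk.tls.client.protocols.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);
        System.out.println("supported protocols:  "
            + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));
        System.out.println("enabled by default:   "
            + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));

        if (args.length < 1) {
            return; // assumption: host name is the first argument, port the optional second
        }
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            configure(socket);
            socket.startHandshake();
            SSLSession session = socket.getSession();
            System.out.println("negotiated: " + session.getProtocol()
                + " with " + session.getCipherSuite());
        }
    }
}
```

Run it as `java TlsClientCheck example.com 443`. The first two lines of output show whether TLS 1.3 is enabled in the default SSLContext of the installed fix pack; the last line shows what the server actually agreed to, which is the check to make after changing jdk.tls.client.protocols or a hard-coded suite list.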