Enabling TLS 1.3
From service refresh 6, fix pack 25, the SDK includes an implementation of the Transport Layer Security (TLS) 1.3 specification (RFC 8446).
TLS 1.3 is disabled for the default SSLContext (SSL or TLS) at the client endpoint and on the server. To enable the TLS 1.3 protocol on the server, use the jdk.tls.server.protocols system property.
Examples of how to enable the TLS 1.3 protocol at the client endpoint include the following:
- Specify the supported protocols of an existing connection with the SSLSocket.setEnabledProtocols method:
  sslSocket.setEnabledProtocols(new String[] { "TLSv1.3", "TLSv1.2"});
- Create a TLS 1.3-based SSLContext:
  SSLContext ctx = SSLContext.getInstance("TLSv1.3");
- Specify the supported protocols with the SSLParameters.setProtocols method:
  sslParameters.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
- Specify the supported protocols for client SSLSockets with the jdk.tls.client.protocols system property:
  java -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2" MyApplication
- Specify the supported protocols for connections obtained through HttpsURLConnection or the method URL.openStream with the https.protocols system property:
  java -Dhttps.protocols="TLSv1.3,TLSv1.2" MyApplication
Notes:
TLS 1.3 requires the IBMJCEPlus provider.
TLS 1.3 is not directly compatible with previous versions. Although TLS 1.3 can be implemented
with a backward-compatibility mode, there are still several compatibility risks to consider when
upgrading to TLS 1.3:
- TLS 1.3 uses a half-close policy, while TLS 1.2 and earlier use a duplex-close policy. For applications that depend on the duplex-close policy, there might be compatibility issues when upgrading to TLS 1.3.
- The signature_algorithms_cert extension requires that pre-defined signature algorithms are used for certificate authentication. In practice, however, an application might use unsupported signature algorithms.
- The DSA signature algorithm is not supported in TLS 1.3. If a server is configured to only use DSA certificates, it cannot negotiate a TLS 1.3 connection.
- The supported cipher suites for TLS 1.3 are not the same as those for TLS 1.2 and earlier, for example SSL_AES_128_GCM_SHA256 (1.3 and later) versus SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA (1.2 and earlier). If an application hardcodes cipher suites that are no longer supported, it might not be able to use TLS 1.3 without modifications to its code. For a list of cipher suites, see Cipher suites.
- The TLS 1.3 session resumption and key update behaviors are different from TLS 1.2 and earlier. The compatibility impact should be minimal, but it could be a risk if an application depends on the handshake details of the TLS protocols.
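Added example (not part of the original documentation): a readiness check that combines the client-side enabling methods with the cipher suite note above. It enables TLS 1.3 and 1.2 through SSLParameters and reports whether a hardcoded cipher suite list still permits a TLS 1.3 handshake. The class name, the sample suite list, and the name-based TLS 1.3 heuristic are assumptions made for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.util.*;
import javax.net.ssl.*;

public class Tls13Readiness {
    // Constructed sample: a cipher suite list as an application might hardcode it.
    static final String[] HARDCODED = {
        "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA",   // TLS 1.2 and earlier
        "SSL_AES_128_GCM_SHA256"                // TLS 1.3
    };

    // Heuristic (assumption): TLS 1.3 suite names have no key-exchange part, so no "_WITH_".
    static boolean looksLikeTls13Suite(String name) {
        return !name.contains("_WITH_") && !name.endsWith("_SCSV");
    }

    // Keeps only the requested values that the engine reports as supported.
    static List<String> keepSupported(String[] requested, String[] supported) {
        List<String> kept = new ArrayList<>(Arrays.asList(requested));
        kept.retainAll(Arrays.asList(supported));
        return kept;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx;
        try {
            ctx = SSLContext.getInstance("TLSv1.3");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("No TLSv1.3 SSLContext available: " + e.getMessage());
            return;
        }
        ctx.init(null, null, null);             // default key and trust material
        SSLEngine engine = ctx.createSSLEngine();

        List<String> protocols = keepSupported(
            new String[] {"TLSv1.3", "TLSv1.2"}, engine.getSupportedProtocols());
        List<String> suites = keepSupported(HARDCODED, engine.getSupportedCipherSuites());
        SSLParameters params = engine.getSSLParameters();
        if (!protocols.isEmpty()) params.setProtocols(protocols.toArray(new String[0]));
        if (!suites.isEmpty()) params.setCipherSuites(suites.toArray(new String[0]));
        engine.setSSLParameters(params);        // empty lists leave the engine defaults in place

        boolean tls13Usable = protocols.contains("TLSv1.3")
            && suites.stream().anyMatch(Tls13Readiness::looksLikeTls13Suite);
        System.out.println("Supported requested protocols: " + protocols);
        System.out.println("Supported hardcoded suites: " + suites);
        System.out.println("TLS 1.3 negotiable with the hardcoded suites: " + tls13Usable);
    }
}
```

Removing SSL_AES_128_GCM_SHA256 from the sample list makes the last line report false even though TLSv1.3 is enabled, which is the hardcoded cipher suite risk described in the notes.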