Configuring default extensions
Some TLS implementations might not handle unknown extensions properly. As a result, you might
encounter unexpected interoperability issues when the SDK introduces new extensions. Two system
properties enable you to customize default extensions:
jdk.tls.client.disableExtensions: Blocks extensions used on the client side.
jdk.tls.server.disableExtensions: Blocks extensions used on the server side.
If an extension is disabled, it won't be produced or processed in handshake messages.
The value of these system properties is a list of comma-separated standard TLS extension names.
See Transport Layer Security (TLS) Extensions for a list of these
names. Extension names are case-sensitive, and unknown, unsupported, misspelled, and duplicated names
are ignored.
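Because invalid names are ignored rather than rejected, a typo leaves the extension enabled without any error. The following added example (not part of the SDK or of the original page) checks a property value and reports entries that would have no effect. The class name DisableExtensionsLint, the KNOWN set (a constructed subset of IANA names, not the runtime's supported list), and the trimming of spaces around names are assumptions; it needs Java 9 or later.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class DisableExtensionsLint {
    // Constructed, illustrative subset of IANA TLS extension names; not the
    // runtime's own list. Extend it from the IANA registry for real use.
    static final Set<String> KNOWN = Set.of(
        "server_name", "max_fragment_length", "status_request",
        "supported_groups", "ec_point_formats", "signature_algorithms",
        "application_layer_protocol_negotiation", "status_request_v2",
        "extended_master_secret", "supported_versions",
        "key_share", "renegotiation_info");

    // Returns one finding per entry that would have no effect.
    static List<String> lint(String value) {
        List<String> findings = new ArrayList<>();
        Set<String> seen = new LinkedHashSet<>();
        if (value == null) return findings;
        for (String raw : value.split(",")) {
            String name = raw.trim(); // assumption: surrounding spaces are not significant
            if (name.isEmpty()) continue;
            if (!seen.add(name)) {
                findings.add(name + ": duplicate entry");
            } else if (!KNOWN.contains(name)) {
                // Names are case-sensitive, so a case-only mismatch is a likely typo.
                String hint = KNOWN.stream().filter(k -> k.equalsIgnoreCase(name))
                        .findFirst().map(k -> " (did you mean " + k + "?)").orElse("");
                findings.add(name + ": not a known name, ignored" + hint);
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample value: one valid name, a case typo, a misspelling, a duplicate.
        String sample = "status_request,Server_Name,max_fragment_lenght,status_request";
        for (String prop : new String[] {"jdk.tls.client.disableExtensions",
                                         "jdk.tls.server.disableExtensions"}) {
            String value = System.getProperty(prop, sample);
            System.out.println(prop + "=" + value);
            lint(value).forEach(f -> System.out.println("  WARN " + f));
        }
    }
}
```

Run it with the same -D options as the application so that it checks the values actually in use; the sample value is used only when a property is not set.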
Note: Although system properties exist that enable and disable specific TLS extensions,
such as jsse.enableMFLNExtension, jsse.enableFFDHEExtension, and jsse.enableSNIExtension,
an extension won't be enabled if it's disabled through jdk.tls.client.disableExtensions
or jdk.tls.server.disableExtensions.