Start of changes for service refresh 3 fix pack 50

Matching the behavior of SSLContext.getInstance("TLS") to Oracle

Use the system property com.ibm.jsse2.overrideDefaultTLS to match the behavior of SSLContext.getInstance("TLS") in the IBM SDK with the Oracle implementation. Start of changes for service refresh 4 fix pack 80In service refresh 4, fix pack 80, the IBM implementation changed to match the Oracle implementation, so this property no longer has any effect. This property is deprecated and might be removed in a future release.End of changes for service refresh 4 fix pack 80

com.ibm.jsse2.overrideDefaultTLS =[true|false]

To match the behavior of SSLContext.getInstance("TLS") with the Oracle implementation, set this property to true. The default value is false.

The following table shows the effect of the system property on SSLContext.getInstance("TLS").
Table 1.
Property value setting Protocol enabled
false Start of changes for service refresh 4 fix pack 80From service refresh 4, fix pack 80, this property has no effect. Before that release, the value was TLS V1.0End of changes for service refresh 4 fix pack 80
true TLS V1.0, V1.1, and V1.2 (see Note)
Note: Although the behavior matches the Oracle implementation on the server, a difference still exists on the client. With the Oracle implementation, the use of SSLContext.getInstance("TLS") on the client enables only the TLS V1.0 protocol. With the IBM implementation, TLS V1.0, V1.1, and V1.2 are enabled on the server and client.
Important: If you set the system property com.ibm.jsse2.overrideDefaultTLS=true and you enable either SP800-131a strict compliance (com.ibm.jsse2.sp800-131) or Suite B (com.ibm.jsse2.suiteB) system properties, only the TLS V1.2 protocol is enabled.
End of changes for service refresh 3 fix pack 50