Start of changes for service refresh 3 fix pack 10

Matching the behavior of SSLContext.getInstance("TLS") to Oracle

Use the system property com.ibm.jsse2.overrideDefaultTLS to match the behavior of SSLContext.getInstance("TLS") in the IBM SDK with the Oracle implementation.

com.ibm.jsse2.overrideDefaultTLS=[true|false]

To match the behavior of SSLContext.getInstance("TLS") with the Oracle implementation, set this property to true. The default value is false.

The following table shows the effect of the system property on SSLContext.getInstance("TLS").
Table 1.
Property value setting Protocols enabled
false Start of changes for service refresh 6 fix pack 25TLS 1.0, TLS 1.1, and TLS 1.2End of changes for service refresh 6 fix pack 25 (in earlier releases: TLS 1.0)
true
  • For the server: TLS 1.0, TLS 1.1, TLS 1.2, Start of changes for service refresh 7and TLS 1.3 (see Note)End of changes for service refresh 7
  • For the client: TLS 1.0, TLS 1.1, and TLS 1.2
Note: Start of changes for service refresh 7TLS 1.3 requires the IBMJCEPlus provider.End of changes for service refresh 7
Important: If you set the system property com.ibm.jsse2.overrideDefaultTLS=true and you enable either SP800-131a strict compliance (com.ibm.jsse2.sp800-131) or Suite B (com.ibm.jsse2.suiteB) system properties, only the TLS 1.2 protocol is enabled.
End of changes for service refresh 3 fix pack 10