The IBMJSSE2 provider supports the following protocol parameters:
|SSL||Enables TLS v1.0, v1.1, and v1.2 protocols.|
|SSLv3||No protocols enabled.|
|TLS||Enables TLS v1.0, v1.1, and v1.2 protocols.|
|TLSv1||Enables TLS v1.0 protocol (defined in RFC 2246).|
|TLSv1.1||Enables TLS v1.1 protocol (defined by RFC 4346).|
|TLSv1.2||Enables TLS v1.2 protocol (defined by RFC 5246).|
|TLSv1.3||Enables TLS v1.3 protocol (defined by RFC 8446).|
|SSL_TLS||Enables TLS v1.0 protocol.|
|SSL_TLSv2||Enables TLS v1.0, v1.1, and v1.2 protocols.|
The following table shows which protocols are enabled by default for client and server connections.
|Protocol||Enabled by default for client||Enabled by default for server|
Note: From the first release, there were differences between the IBM and Oracle implementations of SSLContext.getInstance("TLS") and a system property was available to match behavior (see Matching the behavior of SSLContext.getInstance("TLS") to Oracle). However, in service refresh 6, fix pack 25, the IBM implementation changed such that there are no longer any differences.