Protocols
The IBMJSSE2 provider supports the following protocol parameters in application code.
Protocol | Comment |
---|---|
SSL | Enables TLS v1.0, v1.1, and v1.2 protocols. |
SSLv3 | No protocols enabled. |
TLS | Enables TLS v1.0, v1.1, v1.2, and v1.3 protocols. |
TLSv1 | Enables TLS v1.0 protocol (defined by RFC 2246). |
TLSv1.1 | Enables TLS v1.1 protocol (defined by RFC 4346). |
TLSv1.2 | Enables TLS v1.2 protocol (defined by RFC 5246). |
TLSv1.3 | Enables TLS v1.3 protocol (defined by RFC 8446). |
SSL_TLS | Enables TLS v1.0 protocol. |
SSL_TLSv2 | Enables TLS v1.0, v1.1, and v1.2 protocols. |
SSLv2Hello | A pseudo protocol: by using SSLv2Hello, you can send SSLv3, TLSv1, TLSv1.1, and TLSv1.2 ClientHellos encapsulated in an SSLv2 format hello. |
The following table shows which protocols are enabled by default for client and server
connections. Note that security and system properties such as jdk.tls.disabledAlgorithms and
com.ibm.jsse2.overrideDefaultProtocol can also affect the availability of protocols.
Protocol | Enabled by default for client | Enabled by default for server |
---|---|---|
SSLv3 | No | No |
TLSv1 | Yes | Yes |
TLSv1.1 | Yes | Yes |
TLSv1.2 | Yes | Yes |
TLSv1.3 | Yes | Yes |
SSLv2Hello | No | No |
Note: In some releases, there are differences between the IBM and Oracle
implementations of SSLContext.getInstance("TLS"). A system property is available
to match behavior. For more information, see Matching the behavior of SSLContext.getInstance("TLS") to Oracle.
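
The defaults table above leaves TLSv1 and TLSv1.1 enabled, so an application that wants only TLS v1.2 and v1.3 has to narrow the enabled list itself. The following is an added example, not taken from the IBM documentation, that uses only standard JSSE calls; the class name `ProtocolAudit` and the allow-list are assumptions made for illustration.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Hypothetical class name; added example, not the provider's own code.
public class ProtocolAudit {
    // Assumed policy for this example: allow only TLS v1.2 and v1.3.
    private static final List<String> ALLOWED = Arrays.asList("TLSv1.3", "TLSv1.2");

    // Enables only the allowed protocols that the provider supports and returns them.
    static String[] restrict(SSLEngine engine) {
        List<String> supported = Arrays.asList(engine.getSupportedProtocols());
        List<String> keep = new ArrayList<>();
        for (String p : ALLOWED) {
            if (supported.contains(p)) keep.add(p);
        }
        if (keep.isEmpty()) {
            // Fail closed rather than fall back to TLSv1 or TLSv1.1.
            throw new IllegalStateException("No allowed protocol is supported: " + supported);
        }
        String[] result = keep.toArray(new String[0]);
        engine.setEnabledProtocols(result);
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Properties named on this page that can change which protocols are available.
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));
        System.out.println("com.ibm.jsse2.overrideDefaultProtocol = "
                + System.getProperty("com.ibm.jsse2.overrideDefaultProtocol"));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key managers, trust managers, and RNG
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);

        // Report what the runtime enabled by default, flagging anything outside the policy.
        for (String p : engine.getEnabledProtocols()) {
            System.out.println((ALLOWED.contains(p) ? "ok      " : "legacy  ") + p);
        }
        System.out.println("Enabled after restriction: " + Arrays.toString(restrict(engine)));
    }
}
```

The same `restrict` logic applies to an `SSLSocket` or `SSLServerSocket`, which expose the same `getSupportedProtocols` and `setEnabledProtocols` methods.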