Start of changes for service refresh 3 fix pack 10

Matching the behavior of SSLContext.getInstance("TLS") to Oracle

Use the system property com.ibm.jsse2.overrideDefaultTLS to match the behavior of SSLContext.getInstance("TLS") in the IBM SDK with the Oracle implementation.

com.ibm.jsse2.overrideDefaultTLS=[true|false]

To match the behavior of SSLContext.getInstance("TLS") with the Oracle implementation, set this property to true. The default value is false.

The following table shows the effect of the system property on SSLContext.getInstance("TLS").
Table 1.
Property value setting Protocols enabled
false Start of changes for service refresh 6 fix pack 25TLS 1.0, TLS 1.1, TLS 1.2 (in earlier releases: TLS 1.0), Start of changes for service refresh 7 fix pack 15and TLS 1.3End of changes for service refresh 7 fix pack 15End of changes for service refresh 6 fix pack 25
true
  • For the server: TLS 1.0, TLS 1.1, TLS 1.2Start of changes for service refresh 7, and TLS 1.3 (see Note)End of changes for service refresh 7
  • For the client: TLS 1.0, TLS 1.1, TLS 1.2Start of changes for service refresh 7 fix pack 15, and TLS 1.3 (see Note)End of changes for service refresh 7 fix pack 15
Note: Start of changes for service refresh 7TLS 1.3 requires the IBMJCEPlus provider.End of changes for service refresh 7
Important: If you set the system property com.ibm.jsse2.overrideDefaultTLS=true and you enable either SP800-131a strict compliance (com.ibm.jsse2.sp800-131) or Suite B (com.ibm.jsse2.suiteB) system properties, only the TLS 1.2 protocol is enabled.
End of changes for service refresh 3 fix pack 10