Visit Support

Using Version 1.3 of Transport Layer Security (TLS) Protocol

Need help?
Schedule a consultation with an Azul performance expert.
Contact Us

Starting with Azul Platform Prime, Zing 8 supports TLS 1.3 by default and follows the application programming interface (API) changes introduced by Maintenance Release 3 to the Java SE 8 specification. See JDK-8248721: Backport TLSv1.3 protocol implementation for more information.

Version 1.3 of the TLS protocol is included in the default (SunJSSE) JSSE provider in Azul Platform Prime 8.

In addition to the default JSSE provider, Azul Platform Prime 8 also includes a non-default Legacy8uJSSE provider. The Legacy8uJSSE provider contains the prior provider implementation (8u252 JSSE without TLS 1.3 support) as a fallback measure, and the non-default OpenJSSE provider previously included in Zing 8 distributions for non-default support for TLS 1.3.

The table below lists three bundled modes for JSSE in Zing 8.



How to Enable


The SunJSSE provider includes SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3 protocols support.

By default, TLS 1.3 is disabled on the client side. You can enable it via the SSLSocket/SSLEngine/SSLParameters/SSLContext API, jdk.tls.client.protocols, or https.protocols properties.

Enabled by default


The Legacy8uJSSE provider includes the prior, 8u252 JSSE provider implementation (without TLS 1.3 support). This mode may be useful if any application issues are introduced by the new TLS 1.3 support in the default JSSE provider.



The OpenJSSE provider includes a TLS 1.3 protocol implementation. This mode is introduced in Zing 8 starting with ZVM and may be useful for prior users of the OpenJSSE provider that wish to keep using it in place of the new default SunJSSE provider (even though the new default provider now includes all functionality previously covered by the OpenJSSE provider).

For example, applications that chose to use org.openjsse APIs directly may want to keep using the OpenJSSE mode.


Azul Platform Prime 11 supports version 1.3 of the TLS protocol by default.