Visit Azul.com Support

Using Version 1.3 of Transport Layer Security (TLS) Protocol

Looking for Zing? The Azul Zing Virtual Machine is now Azul Zulu Prime Builds of OpenJDK and part of Azul Platform Prime. Learn more.

Starting with Azul Platform Prime 20.07.0.0, Zing 8 supports TLS 1.3 by default and follows the application programming interface (API) changes introduced by Maintenance Release 3 to the Java SE 8 specification. See JDK-8248721: Backport TLSv1.3 protocol implementation for more information.

Version 1.3 of the TLS protocol is included in the default (SunJSSE) JSSE provider in Azul Platform Prime 8.

In addition to the default JSSE provider, Azul Platform Prime 8 also includes a non-default Legacy8uJSSE provider. The Legacy8uJSSE provider contains the prior provider implementation (8u252 JSSE without TLS 1.3 support) as a fallback measure, and the non-default OpenJSSE provider previously included in Zing 8 distributions for non-default support for TLS 1.3.

The table below lists three bundled modes for JSSE in Zing 8.

Name

Description

How to Enable

Default

The SunJSSE provider includes SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3 protocols support.

By default, TLS 1.3 is disabled on the client side. You can enable it via the SSLSocket/SSLEngine/SSLParameters/SSLContext API, jdk.tls.client.protocols, or https.protocols properties.

Enabled by default

Fallback

The Legacy8uJSSE provider includes the prior, 8u252 JSSE provider implementation (without TLS 1.3 support). This mode may be useful if any application issues are introduced by the new TLS 1.3 support in the default JSSE provider.

-XX:+UseLegacy8uJSSE

OpenJSSE

The OpenJSSE provider includes a TLS 1.3 protocol implementation. This mode is introduced in Zing 8 starting with ZVM 19.08.0.0 and may be useful for prior users of the OpenJSSE provider that wish to keep using it in place of the new default SunJSSE provider (even though the new default provider now includes all functionality previously covered by the OpenJSSE provider).

For example, applications that chose to use org.openjsse APIs directly may want to keep using the OpenJSSE mode.

-XX:+UseOpenJSSE

Azul Platform Prime 11 supports version 1.3 of the TLS protocol by default.