Back to Zing Documentation Home

Using Version 1.3 of Transport Layer Security (TLS) Protocol

Starting with ZVM 20.07.0.0, Zing 8 supports TLS 1.3 by default and follows the application programming interface (API) changes introduced by Maintenance Release 3 to the Java SE 8 specification. See JDK-8248721: Backport TLSv1.3 protocol implementation for more information.

Version 1.3 of the TLS protocol is included in the default (SunJSSE) JSSE provider in Zing 8.

In addition to the default JSSE provider, Zing 8 also includes a non-default Legacy8uJSSE provider. The Legacy8uJSSE provider contains the prior provider implementation (8u252 JSSE without TLS 1.3 support) as a fallback measure, and the non-default OpenJSSE provider previously included in Zing 8 distributions for non-default support for TLS 1.3.

The table below lists three bundled modes for JSSE in Zing 8.

Name Description How to Enable
Default

The SunJSSE provider includes SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3 protocols support.

Note: By default, TLS 1.3 is disabled on the client side. You can enable it via the SSLSocket/SSLEngine/SSLParameters/SSLContext API, jdk.tls.client.protocols, or https.protocols properties.

Enabled by default
Fallback

The Legacy8uJSSE provider includes the prior, 8u252 JSSE provider implementation (without TLS 1.3 support). This mode may be useful if any application issues are introduced by the new TLS 1.3 support in the default JSSE provider.

-XX:+UseLegacy8uJSSE
OpenJSSE

The OpenJSSE provider includes a TLS 1.3 protocol implementation. This mode is introduced in Zing 8 starting with ZVM 19.08.0.0 and may be useful for prior users of the OpenJSSE provider that wish to keep using it in place of the new default SunJSSE provider (even though the new default provider now includes all functionality previously covered by the OpenJSSE provider).

For example, applications that chose to use org.openjsse APIs directly may want to keep using the OpenJSSE mode.

-XX:+UseOpenJSSE

 

Zing 11 supports version 1.3 of the TLS protocol by default.

 

 

See Also


© Azul Systems, Inc. 2020 All rights reserved.

Privacy Policy | Legal | Terms of Use