Pete Freitag Pete Freitag

TLSv1 and TLSv1.1 Disabled by Default in Java

Updated on April 10, 2024
By Pete Freitag
java

The OpenJDK Crypto Roadmap states that TLSv1 and TLSv1.1 will be disabled by default in OpenJDK versions released after April 20, 2021. This change also applies to Oracle, and all the JVMs that are derived from OpenJDK.

What versions of Java are impacted?

Java LTS versions 11.0.11, 1.8.0_291 and up have TLSv1 and TLSv1.1 disabled by default.

How are they disabling it? or how can I reenable it if I need to?

One nice feature you may not realize exists is the java.security file. In Java 11 and up it is located in the folder conf/security/ under your JAVA_HOME. This file has a property called jdk.tls.disabledAlgorithms, right now it looks like this:

jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
    EC keySize < 224, 3DES_EDE_CBC, anon, NULL

You can see that this setting is currently used to disable SSLv3 and a few other ciphers / parameters.

After April 20, 2021 my guess is that they are going to add TLSv1 and TLSv1.1 to this list.

Update: My guess was correct, this is what they did.

This is good to know, because you can make the change now to test and see if your application is impacted by adding those algorithms to jdk.tls.disabledAlgorithms now.

How can I re-enable TLSv1 and TLSv1.1 on newer JVMs?

If it turns out that you do need to still connect to https servers over these weaker protocols, then you can move them out of jdk.tls.disabledAlgorithms and into the setting jdk.tls.legacyAlgorithms.

According to the docs:

In some environments, a certain algorithm may be undesirable but it cannot be disabled because of its use in legacy applications. Legacy algorithms may still be supported, but applications should not use them as the security strength of legacy algorithms are usually not strong enough in practice.
During SSL/TLS security parameters negotiation, legacy algorithms will not be negotiated unless there are no other candidates.

This should only be done however if you are not able to upgrade the legacy servers to TLSv1.2 or TLSv1.3, for example because you don't operate them.

What error message might I get due to this?

Here's one you might see:

Unknown host: The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]

Or:

The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "The server selected protocol version TLS10 is not accepted by client preferences [TLS12]".

You might also get a SSL Handshake Exception javax.net.ssl.SSLHandshakeException.

Update: So far I've seen this issue come up a few times in JDBC / database connections using TLS / SSL, and https (eg cfhttp) connections. One thing to note is that some versions of MySQL Community edition only support TLSv1, you would need the paid version of MySQL to get TLSv1.2 support.

I've also seen this show up in MSSQL / SQL Server TLS connections to older servers. For the data direct JDBC drivers (used by ColdFusion) you may need to add CryptoProtocolVersion=TLSv1.2 to the connection string.



java tls openjdk

TLSv1 and TLSv1.1 Disabled by Default in Java was first published on April 15, 2021.

If you like reading about java, tls, or openjdk then you might also like:

Weekly Security Advisories Email

Advisory Week is a new weekly email containing security advisories published by major software vendors (Adobe, Apple, Microsoft, etc).

Comments

Thanks as always, Pete. And lest any miss the point, this will "be disabled...by default" only in releases CREATED "after April 20, 2021".

(It's my experience with news like this that some readers could miss such a point and be fearing that this change might "just happen" to them, even without updating the JVM version.)

So to be clear: folks using Java 11.0.10 or Java 1.8.0_281 or earlier (the current Java "long term support releases") are unaffected, until those are updated and one implements that update.

But great point about how to go about "trying" the change before a subsequent update forces the change.
by Charlie Arehart on 04/15/2021 at 10:40:20 PM UTC
And now we can report that yep, a week after this post, Oracle DID create a new JVM version, and in it they DO confirm that they added those TLS versions to the java.security file, and that "If you encounter issues, you can, at your own risk, re-enable the versions by removing "TLSv1" and/or "TLSv1.1" from the jdk.tls.disabledAlgorithms security property in the java.security configuration file."

For more on the JVM updates (especially from the perspective of CF users), see a post I did:
https://www.carehart.org/blog/client/index.cfm/2021/4/26/new_java_updates_for_Java_8_and_11_as_of_Apr_2021
by Charlie Arehart on 04/28/2021 at 8:54:38 PM UTC
Does anyone know if changing the jdk.tls.disabledAlgorithms security property requires a reboot of the operating system?
by Adam on 05/28/2021 at 8:14:01 PM UTC
@Adam - changing jdk.tls.disabledAlgorithms should not require an OS reboot, but you will need to restart whatever java processes you have running.
by Pete Freitag on 06/02/2021 at 4:15:04 PM UTC