Pete Freitag Pete Freitag

Java versions supporting TLS 1.3

Published on May 11, 2021
By Pete Freitag
java

What versions of Java support TLSv1.3 / TLS 1.3?

Java 8 TLS 1.3 Support

If you are on Java 8 (or 1.8 if you prefer) then you need version 8u261 b12 or greater. This version was released on July 14, 2020.

Java 11 TLS 1.3 Support

Java 11 has supported TLS 1.3 since it was first released, however there were some bugs in the early versions. For that reason you should probably shoot for at least version 11.0.8 which is when TLSv1.3 support was added to Java 8.

How can I see if my Java code supports TLSv1.3?

Try connecting to tls13.akamai.io and see what it responds with.



tls java

Java versions supporting TLS 1.3 was first published on May 11, 2021.

If you like reading about tls, or java then you might also like:

Weekly Security Advisories Email

Advisory Week is a new weekly email containing security advisories published by major software vendors (Adobe, Apple, Microsoft, etc).

Comments

Another host that supports TLS 1.3 for testing purposes is https://tls13.1d.pw/

Here's a TestBox unit test if you wish to test and compare CFHTTP to modern Chrome browser behavior. (I've added akamai as the default TLS 1.3 host.)
https://dev.to/gamesover/cfml-unit-tests-for-cfhttp-and-badssl-1lfa
by James Moberg on 05/11/2021 at 4:09:35 PM UTC
James - thanks that's a nice test, I use those badssl.com hosts for testing as well, but they don't have one for TLS 1.3 yet.

One thing about using tls13.akamai.io in a test like this is that it also responds to other protocols, so you'd have to inspect the fileContent to see if it really supports TLSv1.3. I probably should have made that more clear in the blog entry.
by Pete Freitag on 05/11/2021 at 4:19:34 PM UTC
Thanks for the update. I removed the akamai host from my unit test as I didn't want to have to additionally inspect the content.

https://tls13.1d.pw/ is a TLS1.3-ONLY server which means you can only connect to it using TLS1.3. (Connection failure = the HTTP request didn't use TLS1.3.)
by James Moberg on 05/11/2021 at 4:34:12 PM UTC