The PCI DSS 3.1 spec also requires to disable TLS <= 1.1 so having TLS 1.2 enabled by default on Java clients would make everyone's life simpler.
https://www.pcisecuritystandards.org/pdfs/15_04_15%20PCI%20DSS%203%201%20Press%20Release.pdf -- You received this bug notification because you are a member of OpenJDK, which is subscribed to openjdk-7 in Ubuntu. https://bugs.launchpad.net/bugs/1314113 Title: TLS 1.1 and 1.2 are disabled by default Status in openjdk-7 package in Ubuntu: Confirmed Bug description: OpenJDK-7 disables TLS 1.1 and 1.2 by default. It might be a good idea to enable them. The past interop issues are rarely encountered in 2014. The program below only prints "TLSv1" even though I expected to see "TLSv1", "TLSv1.1" and "TLSv1.2". In fact, the protocols are available - they are just not enabled by default. And "no comment" on why I'm getting "SSLv3" when I asked for "TLS". That will get its own bug report. $ javac ProtocolTest.java && java ProtocolTest Supported Protocols: 5 SSLv2Hello SSLv3 TLSv1 TLSv1.1 TLSv1.2 Enabled Protocols: 2 SSLv3 TLSv1 ********** Ubuntu 14.04 (x64), fully patched: $ uname -a Linux ubuntu 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux ********** $ java -version java version "1.7.0_51" OpenJDK Runtime Environment (IcedTea 2.4.6) (7u51-2.4.6-1ubuntu4) OpenJDK 64-Bit Server VM (build 24.51-b03, mixed mode) ********** SSLContext context = SSLContext.getInstance("TLS"); context.init(null,null,null); SSLSocketFactory factory = (SSLSocketFactory)context.getSocketFactory(); SSLSocket socket = (SSLSocket)factory.createSocket(); String[] protocols = socket.getSupportedProtocols(); System.out.println("Supported Protocols: " + protocols.length); for(int i = 0; i < protocols.length; i++) { System.out.println(" " + protocols[i]); } protocols = socket.getEnabledProtocols(); System.out.println("Enabled Protocols: " + protocols.length); for(int i = 0; i < protocols.length; i++) { System.out.println(" " + protocols[i]); } To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1314113/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~openjdk Post to : openjdk@lists.launchpad.net Unsubscribe : https://launchpad.net/~openjdk More help : https://help.launchpad.net/ListHelp