[
https://issues.apache.org/jira/browse/HTTPCLIENT-2258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17677363#comment-17677363
]
Oleg Kalnichevski commented on HTTPCLIENT-2258:
-----------------------------------------------
[~bsanchezb] SSL context defines the protocol family with the protocol version
picked by the default JSSE provider. Specific protocol versions can still be
enforced by the socket factory (classic) or the TLS strategy (async).
Hope this helps
Oleg
> Why "TLS" protocol is used by default
> -------------------------------------
>
> Key: HTTPCLIENT-2258
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2258
> Project: HttpComponents HttpClient
> Issue Type: Wish
> Affects Versions: 5.2.1
> Reporter: Aleksandr Beliakov
> Priority: Minor
>
> Hello,
>
> [SSLContextBuilder.java|https://github.com/apache/httpcomponents-core/blob/rel/v5.2.1/httpcore5/src/main/java/org/apache/hc/core5/ssl/SSLContextBuilder.java]
> defines "TLS" version of SSL protocol to be used as a default value in
> initialization of the SSLContext.
> Why the old version is used and it is not updated to the recommended now
> "TLSv1.3" version of SSL protocol? The version has been also added as a
> default one to be used in JDK 8. See [Oracle JRE and JDK Cryptographic
> Roadmap|https://www.java.com/en/jre-jdk-cryptoroadmap.html]
>
> Thank you.
>
> Best regards,
> Aleksandr.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
