Hi,
We have the following logic to set the enabledProtocols property for TLS
connections:
    String enabledProtocolsInput =
        config.getProperty(x509Util.getSslEnabledProtocolsProperty());
    if (enabledProtocolsInput == null) {
        // Use JDK defaults for enabled protocols:
        // Protocol TLSv1.3 -> enabled protocols TLSv1.3 and TLSv1.2
        // Protocol TLSv1.2 -> enabled protocols TLSv1.2
        return sslContext.getDefaultSSLParameters().getProtocols();
    }
    …
The comment is misleading: tested with JDK 11 and getProtocols() returns
TLSv1.3 only while the default protocol is TLSv1.3. I had to explicitly enable
TLSv1.2 in the config (ssl.enabledProtocols) to accept connections.
Unfortunately we don’t log this setting.
Regards,
Andor
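
An added example, not part of the message above and not the project's code: a way to check on a given JDK what getDefaultSSLParameters().getProtocols() returns for each context protocol, and to log the effective list that the message notes is currently not logged. The class name EnabledProtocolsCheck and the helper resolveEnabledProtocols are hypothetical, and the comma-separated format of the configured value is an assumption.

```java
import javax.net.ssl.SSLContext;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class EnabledProtocolsCheck {

    // Hypothetical helper mirroring the snippet in the message: a null
    // setting falls back to the context defaults; an explicit setting is
    // checked against what the provider supports before it is used.
    static String[] resolveEnabledProtocols(SSLContext ctx, String configured) {
        if (configured == null) {
            return ctx.getDefaultSSLParameters().getProtocols();
        }
        List<String> supported =
            Arrays.asList(ctx.getSupportedSSLParameters().getProtocols());
        List<String> enabled = new ArrayList<>();
        for (String entry : configured.split(",")) {  // assumed list format
            String name = entry.trim();
            if (name.isEmpty()) {
                continue;
            }
            if (!supported.contains(name)) {
                // Fail at startup instead of at the first handshake.
                throw new IllegalArgumentException(
                    "Unsupported protocol '" + name + "', supported: " + supported);
            }
            enabled.add(name);
        }
        if (enabled.isEmpty()) {
            throw new IllegalArgumentException("No protocols enabled");
        }
        return enabled.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Compare the JDK defaults per context protocol with an explicit list.
        for (String contextProtocol : new String[] {"TLSv1.3", "TLSv1.2"}) {
            SSLContext ctx = SSLContext.getInstance(contextProtocol);
            ctx.init(null, null, null);  // default key and trust managers
            System.out.println("context=" + contextProtocol
                + " default enabled="
                + Arrays.toString(resolveEnabledProtocols(ctx, null))
                + " explicit enabled="
                + Arrays.toString(resolveEnabledProtocols(ctx, "TLSv1.3,TLSv1.2")));
        }
    }
}
```

Run it on the same JDK build and security provider configuration as the server, since both affect the reported defaults.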