Re: Enabling TLS1.2 by default

2015-09-05 Thread Ivan Krylov
> As to TLS 1.2 on by default, I think there’s precedent for this in > us adding TLS 1.1 on OpenJDK 6 and I'm of the opinion that secure by default > outweighs compatible by default I agree. If there was such thing as TLS 1.1.1 with just security fixes - that would be the way to go. The only

Re: Enabling TLS1.2 by default

2015-08-19 Thread Andrew Hughes
- Original Message - > Hi! > > I'm looking into enabling TLS 1.2 by default in OpenJDK 7 as per > JDK-7093640 [1]. The reasoning being: > 1. we have reports that server admins are starting to disable CBC > unless TLS level is 1.1+ [2] > 2. RC4 has been disabled by JDK-8076221 [3] and S80