> As to TLS 1.2 on by default, I think there’s precedent for this in
> us adding TLS 1.1 on OpenJDK 6 and I'm of the opinion that secure by default
> outweighs compatible by default
I agree. If there was such thing as TLS 1.1.1 with just security fixes - that
would
be the way to go. The only
- Original Message -
> Hi!
>
> I'm looking into enabling TLS 1.2 by default in OpenJDK 7 as per
> JDK-7093640 [1]. The reasoning being:
> 1. we have reports that server admins are starting to disable CBC
> unless TLS level is 1.1+ [2]
> 2. RC4 has been disabled by JDK-8076221 [3] and S80