Hi,

webrev: http://cr.openjdk.java.net/~xuelei/7093640/webrev.00/

It's time to enable TLS 1.1 and TLS 1.2 in JDK by default.

There is a known TLS-version-number tolerance issue for deployed SSL servers. That is, some servers cannot work with clients whose TLS version number is bigger than or equal to TLS 1.0. It only happens to very, very, very, very old and few servers now.

In JDK 7, because of known server TLS-version-number tolerance issues, TLS 1.1 and TLS 1.2 are not enabled by default in the JSSE client. TLS 1.1 is able to avoid the CBC issues in TLS 1.0 and previous releases, and TLS 1.2 is able to use stronger hash functions.

As the TLS-version-number tolerance issues have been decreasing in recent years, and the industry is purchasing to use new TLS versions in order to avoid the CBC attack and comply with new hash policy, it's time for us to consider enabling TLS 1.1 and TLS 1.2 in the JSSE client by default.

I know that because there are a few very old servers that refuse to or cannot upgrade to the latest TLS implementations, we may run into a few compatibility issues because of TLS-version-number tolerance issues. But what's the right time to make use of the advanced features for most of us? It's time to enable TLS 1.1 and TLS 1.2 in JDK by default.

Please review the changes.

Thanks,
Xuelei
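For readers on a JDK where the JSSE client still defaults to TLS 1.0, the following added example (not part of the original message or of the webrev) shows how an application can see what its client sockets enable by default and opt in to TLS 1.1 and TLS 1.2 explicitly. The class name `ClientTlsVersions` and the `WANTED` list are assumptions made for illustration; the socket is never connected, so nothing is sent on the network.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class ClientTlsVersions {
    // Protocols this example wants on the client (illustrative choice).
    static final String[] WANTED = {"TLSv1.2", "TLSv1.1", "TLSv1"};

    // Keep only the wanted protocols that the provider actually supports,
    // because setEnabledProtocols() rejects names it does not know.
    static String[] usable(String[] supported) {
        List<String> have = Arrays.asList(supported);
        List<String> out = new ArrayList<String>();
        for (String p : WANTED) {
            if (have.contains(p)) {
                out.add(p);
            }
        }
        return out.toArray(new String[out.size()]);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();

        // Unconnected client socket: it carries the client-side defaults.
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket();
        try {
            System.out.println("supported: " + Arrays.toString(s.getSupportedProtocols()));
            System.out.println("default:   " + Arrays.toString(s.getEnabledProtocols()));

            String[] enable = usable(s.getSupportedProtocols());
            if (enable.length == 0) {
                throw new IllegalStateException("no wanted TLS protocol is supported");
            }
            // Explicit opt-in, independent of the JDK's default list.
            s.setEnabledProtocols(enable);
            System.out.println("enabled:   " + Arrays.toString(s.getEnabledProtocols()));
        } finally {
            s.close();
        }
    }
}
```

A protocol that is supported but missing from the "default" line is one the client will not offer unless the application enables it this way.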
