Java Security and Cryptography
Re-enable TLSv1 and TLSv1.1
Some legacy systems may still be tied to the older, insecure TLSv1 and TLSv1.1 protocols. Starting with OpenJDK 11.0.11, these protocol versions are disabled by default.
To re-enable, users must perform these steps:
- In the installation directory of the JDK, navigate to the folder
- Open the file java.security
- Search for the configuration property
- Remove the elements
- Relaunch the Java application
JCE Provider for JCA and Crypto
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Applications that need to establish secure connections (e.g., HTTPS, SFTP, etc) must run on a Java runtime with a compatible security provider for the Java Cryptography Architecture (JCA). The OpenJDK project contains a default implementation provider - the Java Cryptography Extension (JCE) - in the
If your application requires establishing secure connections, make sure the module
jdk.crypto.ec is included in the assembled Java runtime, or that a 3rd-party provider (e.g., BouncyCastle) is included.