Java Security and Cryptography
Some legacy systems may still be tied to the older, insecure TLSv1 and TLSv1.1 protocols. Starting with OpenJDK 11.0.11, these protocol versions are disabled by default.
To re-enable, users must perform these steps:
- In the installation directory of the JDK, navigate to the folder
./conf/security/
- Open the file java.security
- Search for the configuration property
jdk.tls.disabledAlgorithms
- Remove the elements
TLSv1
and/orTLSv1.1
- Relaunch the Java application
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Applications that need to establish secure connections (e.g., HTTPS, SFTP, etc) must run on a Java runtime with a compatible security provider for the Java Cryptography Architecture (JCA). The OpenJDK project contains a default implementation provider - the Java Cryptography Extension (JCE) - in the jdk.crypto.ec
.
If your application requires establishing secure connections, make sure the module jdk.crypto.ec
is included in the assembled Java runtime, or that a 3rd-party provider (e.g., BouncyCastle) is included.