Java Security and Cryptography

Re-enable TLSv1 and TLSv1.1

Some legacy systems may still be tied to the older, insecure TLSv1 and TLSv1.1 protocols. Starting with OpenJDK 11.0.11, these protocol versions are disabled by default.

To re-enable, users must perform these steps:

  1. In the installation directory of the JDK, navigate to the folder ./conf/security/
  2. Open the file
  3. Search for the configuration property jdk.tls.disabledAlgorithms
  4. Remove the elements TLSv1 and/or TLSv1.1
  5. Relaunch the Java application

JCE Provider for JCA and Crypto Received fatal alert: handshake_failure

Applications that need to establish secure connections (e.g., HTTPS, SFTP, etc) must run on a Java runtime with a compatible security provider for the Java Cryptography Architecture (JCA). The OpenJDK project contains a default implementation provider - the Java Cryptography Extension (JCE) - in the

If your application requires establishing secure connections, make sure the module is included in the assembled Java runtime, or that a 3rd-party provider (e.g., BouncyCastle) is included.