Java 8/11 disabled TLS 1.0/1.1 by default.

1 minute read

OpenJDK has backported disabling TLS 1.0 and 1.1 by default.

The relevant OpenJDK tickets can be found: CSR, Enhancement

Some counter points to backporting this were made on the mailing list.

TLS 1.0 and 1.1 are disabled by default starting from version 11.0.11, 8u292 and 7u301. Not all distributions kept the behaviour.

Amazon Corretto

Amazon decided to re-enable TLS 1.0 and 1.1 by default. This can be found in the release notes:

Azul Community

Azul decided to keep the default disable.


AdoptOpenJDK keeps the default disable.


To enable TLS 1.0 or 1.1 again you can alter the file and remove TLSv1 or TLSv1.1 from the security property jdk.tls.disabledAlgorithms.



Leave a Comment