Pete FreitagJava versions supporting TLS 1.3
Updated on May 08, 2024
By Pete Freitag
By Pete Freitag
What versions of Java support TLSv1.3 / TLS 1.3?
Java 8 TLS 1.3 Support
If you are on Java 8 (or 1.8 if you prefer) then you need version 8u261 b12 or greater. This version was released on July 14, 2020.
Java 11 TLS 1.3 Support
Java 11 has supported TLS 1.3 since it was first released, however there were some bugs in the early versions. For that reason you should probably shoot for at least version 11.0.8 which is when TLSv1.3 support was added to Java 8.
How can I see if my Java code supports TLSv1.3?
Try connecting to tls13.akamai.io and see what it responds with. Here's some java code to do that:
java.net.URL u = new java.net.URL("https://tls13.akamai.io/");
java.net.HttpURLConnection connection = (java.net.HttpURLConnection)u.openConnection();connection.connect();
Object content = connection.getContent();
connection.disconnect();
Java versions supporting TLS 1.3 was first published on May 11, 2021.
If you like reading about tls, java, or versions then you might also like:
- TLSv1 and TLSv1.1 Disabled by Default in Java
- Java LTS Versions Explained with EOL Dates
- How to Resolve Java HTTPS Exceptions
Weekly Security Advisories Email
Advisory Week is a new weekly email containing security advisories published by major software vendors (Adobe, Apple, Microsoft, etc).
Comments
James - thanks that's a nice test, I use those badssl.com hosts for testing as well, but they don't have one for TLS 1.3 yet.
One thing about using tls13.akamai.io in a test like this is that it also responds to other protocols, so you'd have to inspect the fileContent to see if it really supports TLSv1.3. I probably should have made that more clear in the blog entry.
One thing about using tls13.akamai.io in a test like this is that it also responds to other protocols, so you'd have to inspect the fileContent to see if it really supports TLSv1.3. I probably should have made that more clear in the blog entry.
by Pete Freitag on 05/11/2021 at 4:19:34 PM UTC
Thanks for the update. I removed the akamai host from my unit test as I didn't want to have to additionally inspect the content.
https://tls13.1d.pw/ is a TLS1.3-ONLY server which means you can only connect to it using TLS1.3. (Connection failure = the HTTP request didn't use TLS1.3.)
https://tls13.1d.pw/ is a TLS1.3-ONLY server which means you can only connect to it using TLS1.3. (Connection failure = the HTTP request didn't use TLS1.3.)
by James Moberg on 05/11/2021 at 4:34:12 PM UTC
Here's a TestBox unit test if you wish to test and compare CFHTTP to modern Chrome browser behavior. (I've added akamai as the default TLS 1.3 host.)
https://dev.to/gamesover/cfml-unit-tests-for-cfhttp-and-badssl-1lfa