Mercurial Mercurial > jdk-sandbox / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
jdk/src/share/classes/sun/security/ssl/ProtocolList.java
changeset 7043 5e2d1edeb2c7
parent 7039 6464c8e62a18
child 7990 57019dc81b66 
--- a/jdk/src/share/classes/sun/security/ssl/ProtocolList.java	Mon Nov 01 10:59:03 2010 -0700
+++ b/jdk/src/share/classes/sun/security/ssl/ProtocolList.java	Mon Nov 01 22:02:35 2010 -0700
@@ -181,7 +181,8 @@
         if (SunJSSE.isFIPS()) {
             SUPPORTED = new ProtocolList(new String[] {
                 ProtocolVersion.TLS10.name,
-                ProtocolVersion.TLS11.name
+                ProtocolVersion.TLS11.name,
+                ProtocolVersion.TLS12.name
             });
 
             SERVER_DEFAULT = SUPPORTED;
@@ -193,10 +194,21 @@
                 ProtocolVersion.SSL20Hello.name,
                 ProtocolVersion.SSL30.name,
                 ProtocolVersion.TLS10.name,
-                ProtocolVersion.TLS11.name
+                ProtocolVersion.TLS11.name,
+                ProtocolVersion.TLS12.name
             });
 
             SERVER_DEFAULT = SUPPORTED;
+
+            /*
+             * RFC 5246 says that sending SSLv2 backward-compatible
+             * hello SHOULD NOT be done any longer.
+             *
+             * We are not enabling TLS 1.1/1.2 by default yet on clients
+             * out of concern for interop with existing
+             * SSLv3/TLS1.0-only servers.  When these versions of TLS
+             * gain more traction, we'll enable them.
+             */
             CLIENT_DEFAULT = new ProtocolList(new String[] {
                 ProtocolVersion.SSL30.name,
                 ProtocolVersion.TLS10.name
jdk-sandbox