jdk.tls.client.protocols Java System Property
The
jdk.tls.client.protocols
Java System Property accepts a string list containing TLS protocol versions which can be used in the client handshake process.
Default Value
If not specified Java will negotiate the TLS protocol with the server, ideally using the strongest one supported by both client and server.
Supported Values
Any of the TLS protocols defined by the implementation may be used. For example the
SunJSSE Provider
may support these, depending on the version of the runtime:
TLSv1.3
- Java 8u261 and up or Java 11 and up
TLSv1.2
- Java 7 and up
TLSv1.1
- modern java disallowed via
jdk.tls.disabledAlgorithms
security property
TLSv1
- modern java disallowed via
jdk.tls.disabledAlgorithms
security property
SSLv3
- typically disallowed via
jdk.tls.disabledAlgorithms
security property
SSLv2Hello
- typically disallowed via
jdk.tls.disabledAlgorithms
security property
jdk.tls.client.protocols
Explained
The jdk.tls.client.protocols system property determines which protocols are allowed to be used in the TLS client handshake process.
Related System Properties
Here are some other networking Java system properties:
http.agent
http.keepAlive
http.maxConnections
https.protocols
java.net.preferIPv4Stack
java.net.preferIPv6Addresses
java.net.useSystemProxies
javax.net.debug
javax.net.ssl.trustStore
jdk.net.hosts.file
jdk.tls.disabledAlgorithms
networkaddress.cache.negative.ttl
networkaddress.cache.ttl
sun.net.client.defaultConnectTimeout
sun.net.client.defaultReadTimeout
sun.net.inetaddr.ttl
References
JSSE Reference Guide
Supported Since
Java has supported the
jdk.tls.client.protocols
system property since Java 8, or after Java 7u95 / Java 6u121.
Setting
jdk.tls.client.protocols
on Startup
You can set the
jdk.tls.client.protocols
java system property during startup of the java runtime using the
-D
command line argument:
java -Djdk.tls.client.protocols=TLSv1.3 MyAppMain
You may also be able to specify
jdk.tls.client.protocols
via the
JAVA_TOOL_OPTIONS
environment variable:
JAVA_TOOL_OPTIONS=-Djdk.tls.client.protocols=TLSv1.3
Setting / Reading
jdk.tls.client.protocols
at Runtime
You can set jdk.tls.client.protocols at runtime with the following Java code:
System.setProperty("jdk.tls.client.protocols", "TLSv1.3");
WARNING: Depending on the property and JVM version using
setProperty
may or may not work if the JDK Java class that uses this variable has already been loaded. The value of the jdk.tls.client.protocols system property may be cached within an internal private static variable of the implementing class.
To read the value of jdk.tls.client.protocols at runtime, you can use this Java code:
String propertyValue = System.getProperty("jdk.tls.client.protocols");
if (propertyValue != null) {
System.out.println("jdk.tls.client.protocols = " + propertyValue);
} else {
System.out.println("jdk.tls.client.protocols was null");
