[
https://issues.apache.org/jira/browse/HTTPCLIENT-2258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17677686#comment-17677686
]
Aleksandr Beliakov commented on HTTPCLIENT-2258:
------------------------------------------------
Hello [~michael-o] and [~olegk],
Thank you for the explanation. I was under impression that "TLS" value will
always use the historical version of the TLS protocol. I did some tests and
indeed it choses the "best" version based on JDK and system properties
configuration.
That is completely fine then.
Best regards,
Aleksandr.
> Why "TLS" protocol is used by default
> -------------------------------------
>
> Key: HTTPCLIENT-2258
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2258
> Project: HttpComponents HttpClient
> Issue Type: Wish
> Affects Versions: 5.2.1
> Reporter: Aleksandr Beliakov
> Priority: Minor
>
> Hello,
>
> [SSLContextBuilder.java|https://github.com/apache/httpcomponents-core/blob/rel/v5.2.1/httpcore5/src/main/java/org/apache/hc/core5/ssl/SSLContextBuilder.java]
> defines "TLS" version of SSL protocol to be used as a default value in
> initialization of the SSLContext.
> Why the old version is used and it is not updated to the recommended now
> "TLSv1.3" version of SSL protocol? The version has been also added as a
> default one to be used in JDK 8. See [Oracle JRE and JDK Cryptographic
> Roadmap|https://www.java.com/en/jre-jdk-cryptoroadmap.html]
>
> Thank you.
>
> Best regards,
> Aleksandr.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
