Reason for reenabling TLS 1.0, TLS 1.1
mikebell90 opened this issue · 5 comments
I know this has been planned by Oracle for a long time. Does Amazon have an alternative timeline?
Hi,
One of our distinguished engineers has published an article about this:
https://shufflesharding.com/posts/java-and-tls-10-11
An article with more details will also be published soon in the AWS Blog.
Here is the entry in the AWS Blog:
https://aws.amazon.com/blogs/opensource/tls-1-0-1-1-changes-in-openjdk-and-amazon-corretto/
Both of those are well written, clear, and appreciated. The only question I have remaining is "Assuming a dramatic new security issue does not come to light to accelerate the removal timeframe, when is Amazon currently expecting to sunset these?"
I can't commit to a timeline but it won't be long. We will disable them by default as soon as we have a good reason to believe it won't cause problems for many existing applications. Communicating it clearly will help users know about the issue and find/fix problems they may have, to accelerate the process. Direct feedback from our users is another way we will know what is happening.
I will be very happy if it turns out that disabling TLS 1.0/1.1 doesn't cause any problems anywhere and we can do the same in the next updates.
@davecurrie any more updates on plans for when TLS 1.0/1.1 will be formally removed out of Corretto? We are currently somewhat dependent on TLS 1.0 / 1.1 functionality due to older hardware constraints. To avoid any surprises, have you guys made any decisions for when TLS 1.0 / 1.1 will be formally removed from the Java 11 builds?