Reason for reenabling TLS 1.0, TLS 1.1

[mikebell90]

I know this has been planned by oracle for a long time. Does amazon have an alternative timeline

6e6fedb

[alvdavi]

Hi,

One of our distinguished engineers have published an article about this:
https://shufflesharding.com/posts/java-and-tls-10-11

An article with more details will also be published soon in the AWS Blog

[alvdavi]

Here is the entry in the AWS Blog:
https://aws.amazon.com/blogs/opensource/tls-1-0-1-1-changes-in-openjdk-and-amazon-corretto/

[mikebell90]

Both of those are well written, clear, and appreciated. The only question I have remaining is "Assuming a dramatic new security issue does not come to light to accelerate the removal timeframe, when is Amazon currently expecting to sunset these"

[davecurrie]

I can't commit to a timeline but it won't be long. We will disable them by default as soon as we have a good reason to believe it won't cause problems for many existing applications. Communicating it clearly will help users know about the issue and find/fix problems they may have, to accelerate the process. Direct feedback from our users is another way we will know what is happening.

I will be very happy if it turns out that disabling TLS 1.0/1.1 doesn't cause any problems anywhere and we can do the same in the next updates.

[apara]

@davecurrie any more updates on plans for when TLS 1.0/1.1 will be formally removed out of Corretto? We are currently somewhat dependent on TLS 1.0 / 1.1 functionality due to older hardware constraints. To avoid any surprises, have you guys made any decisions for when TLS 1.0 / 1.1 will be formally removed from the Java 11 builds?