https.protocols Java System Property accepts a string list containing TLS protocol versions.If not specified Java will negotiate the TLS protocol with the server, ideally using the strongest one supported.
Any of the TLS protocols defined by the implementation may be used. For example the SunJSSE Provider may support these, depending on the version of the runtime:
TLSv1.3 - Java 8u261 and up or Java 11 and up TLSv1.2 - Java 7 and upTLSv1.1 - modern java disallowed via jdk.tls.disabledAlgorithms security propertyTLSv1 - modern java disallowed via jdk.tls.disabledAlgorithms security propertySSLv3 - typically disallowed via jdk.tls.disabledAlgorithms security propertySSLv2Hello - typically disallowed via jdk.tls.disabledAlgorithms security propertyhttps.protocols ExplainedAccording to the Java blog the https.protocols system property works as follows:
Controls the protocol version used by Java clients which obtain https connections through use of the HttpsURLConnection class or via URL.openStream() operations.
The above is important to understand, depending on what you use for an HTTP client, this setting may not have an effect if your client doesn't use the HttpsURLConnection class or URL.openStream() methods.
This setting likely impacts the new Java Http Client added in Java 11: java.net.http.HttpClient, though we have not yet confirmed this.
Due to these limitations you may prefer using the jdk.tls.client.protocols system property instead of https.protocols.
Here are some other networking Java system properties:
http.agenthttp.keepAlivehttp.maxConnectionsjava.net.preferIPv4Stackjava.net.preferIPv6Addressesjava.net.useSystemProxiesjavax.net.debugjavax.net.ssl.trustStorejdk.net.hosts.filejdk.tls.client.protocolsjdk.tls.disabledAlgorithmsnetworkaddress.cache.negative.ttlnetworkaddress.cache.ttlsun.net.client.defaultConnectTimeoutsun.net.client.defaultReadTimeoutsun.net.inetaddr.ttlJava has supported the https.protocols system property since at least version 1.7, support may go back to even older versions of java.
https.protocols on StartupYou can set the https.protocols java system property during startup of the java runtime using the -D command line argument:
java -Dhttps.protocols=TLSv1.3 MyAppMain
You may also be able to specify https.protocols via the JAVA_TOOL_OPTIONS environment variable:
JAVA_TOOL_OPTIONS=-Dhttps.protocols=TLSv1.3
https.protocols at RuntimeYou can set https.protocols at runtime with the following Java code:
System.setProperty("https.protocols", "TLSv1.3");
WARNING: Depending on the property and JVM version using
setPropertymay or may not work if the JDK Java class that uses this variable has already been loaded. The value of the https.protocols system property may be cached within an internal private static variable of the implementing class.
To read the value of https.protocols at runtime, you can use this Java code:
String propertyValue = System.getProperty("https.protocols");
if (propertyValue != null) {
System.out.println("https.protocols = " + propertyValue);
} else {
System.out.println("https.protocols was null");
}