jdk.tls.client.protocols Java System Property

Default Value

If not specified Java will negotiate the TLS protocol with the server, ideally using the strongest one supported by both client and server.

Supported Values

Any of the TLS protocols defined by the implementation may be used. For example the SunJSSE Provider may support these, depending on the version of the runtime:

• TLSv1.3 - Java 8u261 and up or Java 11 and up
• TLSv1.2 - Java 7 and up
• TLSv1.1 - modern java disallowed via jdk.tls.disabledAlgorithms security property
• TLSv1 - modern java disallowed via jdk.tls.disabledAlgorithms security property
• SSLv3 - typically disallowed via jdk.tls.disabledAlgorithms security property
• SSLv2Hello - typically disallowed via jdk.tls.disabledAlgorithms security property

jdk.tls.client.protocols Explained

The jdk.tls.client.protocols system property determines which protocols are allowed to be used in the TLS client handshake process.

Related System Properties

Here are some other networking Java system properties:

• http.agent
• http.keepAlive
• http.maxConnections
• https.protocols
• java.net.preferIPv4Stack
• java.net.preferIPv6Addresses
• java.net.useSystemProxies
• javax.net.debug
• javax.net.ssl.trustStore
• jdk.net.hosts.file
• jdk.tls.disabledAlgorithms
• networkaddress.cache.negative.ttl
• networkaddress.cache.ttl
• sun.net.client.defaultConnectTimeout
• sun.net.client.defaultReadTimeout
• sun.net.inetaddr.ttl

References

• JSSE Reference Guide

Supported Since

Java has supported the jdk.tls.client.protocols system property since Java 8, or after Java 7u95 / Java 6u121.

Setting jdk.tls.client.protocols on Startup

You can set the jdk.tls.client.protocols java system property during startup of the java runtime using the -D command line argument:

java -Djdk.tls.client.protocols=TLSv1.3 MyAppMain

You may also be able to specify jdk.tls.client.protocols via the JAVA_TOOL_OPTIONS environment variable:

JAVA_TOOL_OPTIONS=-Djdk.tls.client.protocols=TLSv1.3

Setting / Reading jdk.tls.client.protocols at Runtime

You can set jdk.tls.client.protocols at runtime with the following Java code:

System.setProperty("jdk.tls.client.protocols", "TLSv1.3");

WARNING: Depending on the property and JVM version using setProperty may or may not work if the JDK Java class that uses this variable has already been loaded. The value of the jdk.tls.client.protocols system property may be cached within an internal private static variable of the implementing class.

To read the value of jdk.tls.client.protocols at runtime, you can use this Java code:

String propertyValue = System.getProperty("jdk.tls.client.protocols");
if (propertyValue != null) {
    System.out.println("jdk.tls.client.protocols = " + propertyValue);
} else {
    System.out.println("jdk.tls.client.protocols was null");
}