JEP 332: Transport Layer Security (TLS) 1.3

OwnerXue-Lei Fan
Componentsecurity-libs /
Discussionsecurity dash dev at openjdk dot java dot net
Reviewed byAndrew Gross, Brian Goetz, Sean Mullan
Endorsed byBrian Goetz
Created2015/12/12 05:26
Updated2018/08/14 16:17


Implement version 1.3 of the Transport Layer Security (TLS) Protocol RFC 8446.


It is not a goal to support version 1.3 of the Datagram Transport Layer Security (DTLS) Protocol. It is also not a goal to support every feature of TLS 1.3; see the Description section for more details on what will be implemented.


TLS 1.3 is a major overhaul of the TLS protocol and provides significant security and performance improvements over previous versions. Several early implementations from other vendors are available already. We need to support TLS 1.3 to remain competitive and keep pace with the latest standard.


TLS 1.3 is a new TLS version which supersedes and obsoletes previous versions of TLS including version 1.2 (RFC 5246). It also obsoletes or changes other TLS features such as the OCSP stapling extensions (RFC 6066, RFC 6961), and the session hash and extended master secret extension (RFC 7627).

The Java Secure Socket Extension (JSSE) in the JDK provides a framework and a Java implementation of the SSL, TLS, and DTLS protocols. Currently, the JSSE API and JDK implementation supports SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, DTLS 1.0 and DTLS 1.2.

The primary goal of this JEP is a minimal interoperable and compatible TLS 1.3 implementation. A minimal implementation should support:

No new public APIs are required for the minimal implementation. The following new standard algorithm names are required:

Additionally, the KRB5 cipher suites will be removed from the JDK because they are no longer considered safe to use.

In parallel with this JEP, we will develop cryptographic algorithm support for the following optional TLS 1.3 features:

These features may be included in this JEP if time permits; otherwise they will be targeted and integrated as separate features.

The following significant features will not be implemented as part of this JEP:

TLS 1.3 is not directly compatible with previous versions. Although TLS 1.3 can be implemented with a backward-compatibility mode, there are several compatibility risks when using this mode:

To minimize compatibility risk, this TLS 1.3 implementation will implement and enable the backward-compatibility mode by default. An application can turn off the backward-compatibility mode, and turn TLS 1.3 on or off if desired.


Tests will be developed or enhanced to validate the following general requirements:

Risks and Assumptions

A third party TLS 1.3 implementation that supports the RFC is required for interoperability testing.


TLS 1.3 requires support for the RSASSA-PSS signature algorithms (8146293).