---

id: 79

slug: "tls-default"

title: "TLS 1.3 by default"

category: "security"

difficulty: "intermediate"

jdkVersion: "11"

oldLabel: "Java 8"

modernLabel: "Java 11+"

oldApproach: "Manual TLS Config"

modernApproach: "TLS 1.3 Default"

oldCode: |-

SSLContext ctx =

SSLContext.getInstance("TLSv1.2");

ctx.init(null, trustManagers, null);

SSLSocketFactory factory =

ctx.getSocketFactory();

// Must specify protocol version

modernCode: |-

// TLS 1.3 is the default!

var client = HttpClient.newBuilder()

.sslContext(SSLContext.getDefault())

.build();

// Already using TLS 1.3

summary: "TLS 1.3 is enabled by default — no explicit protocol configuration needed."

explanation: "Java 11 added TLS 1.3 support and made it the preferred protocol. The\

\ HttpClient uses it automatically. No more manually specifying protocol versions\

\ for secure connections."

whyModernWins:

- icon: "🛡️"

title: "More secure"

desc: "TLS 1.3 removes obsolete cipher suites and handshake patterns."

- icon: "⚡"

title: "Faster handshake"

desc: "TLS 1.3 completes in one round trip vs two."

- icon: "🆓"

title: "Zero config"

desc: "Secure by default — no explicit protocol selection needed."

support:

state: "available"

description: "Widely available since JDK 11 (Sept 2018)"

prev: "security/strong-random"

next: "security/random-generator"

related:

- "security/pem-encoding"

- "security/key-derivation-functions"

- "security/strong-random"

docs:

- title: "SSLContext"

href: "https://docs.oracle.com/en/java/javase/25/docs/api/java.base/javax/net/ssl/SSLContext.html"

- title: "Java Security Guide"

href: "https://docs.oracle.com/en/java/javase/25/security/java-security-overview1.html"