I am trying to establish an SSL or TLS connection between a Java client and server I am setting up.
I have been using SSLContext.getInstance(“SSL”) to build the SSLContext, and it worked.
I would like to know what the purpose of the protocol parameter is in SSLContext.getInstance(String protocol).
In particular, what changes between using SSLContext.getInstance(“SSL”) and SSLContext.getInstance(“TLS”), or other possible values?
解决方案
Here is a rather detailed answer that I wrote a while back describing the difference between SSL and TLS. In short, TLS is the successor of SSL, and TLS 1.0 can be considered as “SSL 3.1”.
These static methods each return an instance that implements at least
the requested secure socket protocol. The returned instance may
implement other protocols too. For example, getInstance(“TLSv1”) may
return a instance which implements “TLSv1”, “TLSv1.1” and “TLSv1.2”.
This is also mentioned in the Standard Names document.
In particular, if you check the Oracle/OpenJDK 7 source code for SSLContextImpl, you’ll find that all its SSLContexts support all protocols (from SSLv3 using an SSLv2 Client Hello to TLS 1.2). What differs is which protocols are enabled by default. In addition, you shouldn’t rely on this in general, since other Java implementations (e.g. the IBM JRE) could behave differently.
If you want a particular set of protocols to be used for a connection, you should use SSLSocket or SSLEngine’s setEnabledProtocols method. Otherwise, it will use the default values, as described in the Providers documentation.