Purpose

Specifies a cryptographic protocol or comma-separated list of cryptographic protocols that can be used when TLS/SSL is enabled using the EncryptionMethod connection property.

Valid Values

cryptographic_protocol [[, cryptographic_protocol ]...]

where:

cryptographic_protocol
is one of the following cryptographic protocols:

TLSv1.3 | TLSv1.2 | TLSv1.1 | TLSv1 | SSLv3 | SSLv2

CAUTION: To avoid vulnerabilities associated with SSLv3 and SSLv2, good security practices recommend using TLSv1 or higher.

Example

If your server supports TLSv1.1 and TLSv1.2, you can specify acceptable cryptographic protocols with the following key-value pair:
CryptoProtocolVersion=TLSv1.1,TLSv1.2

Notes

  • The TLSv1.3 protocol works with Java SE 11 or higher by default.
  • To enable the TLSv1.3 protocol when using Java SE 8, set the jdk.tls.client.protocols Java system property to TLSv1.3. For example, $ java -Djdk.tls.client.protocols="TLSv1.3" myApp.

    In the following versions of Oracle JDK and OpenJDK, support for the TLSv1.3 protocol is not enabled by default.

    • Oracle JDK 8u261 or later but earlier than Oracle JDK 8u341
    • OpenJDK 8u272 or later but earlier than OpenJDK 8u352
  • When multiple protocols are specified, the driver uses the highest version supported by the server. If none of the specified protocols are supported by the server, the connection fails and the driver returns an error.
  • When no value has been specified for CryptoProtocolVersion, the cryptographic protocol used depends on the highest protocol version supported by the server and the highest protocol version supported by the JDK. Refer to the database management system documentation for information on which cryptographic protocols are supported.

Data Source Methods

public String getCryptoProtocolVersion()

public void setCryptoProtocolVersion(String)

Default

No default value

Data Type

String

See also