Can't find the best way to disable TLS versions? An expert could help!

Subscribers click here.

Security Resources

Issue Tracker - Security

Need more help? Learn about
Oracle Java Support subscriptions

How to Disable TLS Versions by Default


This page quickly covers how to disable TLS versions by default in the JDK.


1. Locate the java.security file

First you must locate the java.security file on your system.


2. Backup the file

Make a backup copy of the file for safety


3. Edit the jdk.tls.disabledAlgorithms property

Locate this property and append the TLS version you wish to disable to the end.

For example, if the property is configured like this:

jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL`

…you can disable TLSv1.0 and TLSv1.1 by adding TLSv1, TLSv1.1:

jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL, `*`TLSv1, TLSv1.1`*

4. Restart all Java applications using this JDK

The changes will not take effect until the applications using the JDK have been restarted.


Last reviewed on Sat Feb 01 2025 00:00:00 GMT+0000 (Coordinated Universal Time)