TLS v1.0 and TLS v1.1 in Liferay DXP

• How to confirm that TLS v1.0 and TLS v1.1 are disabled by default in Liferay DXP 7.2?

• Liferay DXP 7.1
• Liferay DXP 7.2
• Liferay DXP 7.3
• Liferay DXP 7.4

• In Java 8, TLS v1.0 and TLS v1.1 are disabled by default. Which can be verified in the java.security file.

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DESEDECBC, anon, NULL, \
include jdk.disabled.namedCurves

• The java.security file placed is at /usr/lib/jvm/zulu8/jre/lib/security/ path in case of using Java 8.
• In the case of Java 11, the java.security the file can be found at /usr/lib/jvm/zulu11/conf/security path.

• Oracle's official document: JDK 8 will use TLS 1.2 as the default
• Customer and Deployment Impact of Disabling TLS 1.0 for Inbound Traffic on Liferay Services