JDK 11 Adds Support for TLS 1.3 and HTTP/2

• By John K. Waters
• 09/27/18

Oracle this week formally released JDK 11, the latest update of the reference implementation of the Java SE Platform, and the first long-term support (LTS) update under the company's new six-month release schedule.

JDK 11 comes with several developer productivity enhancements, along with new support for modern cryptographic and Internet standards, including TLS 1.3 and HTTP/2.

The new accelerated release cadence, announced last year, calls for a feature release every six months, update releases every quarter, and an LTS release every three years (or once every six versions). The JDK 10 release in March was a feature release and the first in the new rapid release cadence. The next LTS release will be Java 17, which is scheduled for release in September 2021.

"Long-term support" means Oracle will provide security and bug-fixes for JDK 11 through the Java 17 update.

"The LTS model releases enable our customers to migrate from one well supported Java SE LTS release to the next at their own pace, while at the same time allowing the Java developer ecosystem to get access to improvements faster than before," said Georges Saab, vice president of software development in Oracle's Java Platform Group, in a prepared statement. "Together with the introduction of Oracle Java SE Subscription, customers now have an easy way to benefit from access to regular releases of tested and certified performance, stability, and security updates, directly from Oracle."

Oracle unveiled its Java SE Subscription service in June. The monthly subscription provides Java SE licensing and support for use on desktops, servers and cloud deployments It covers commercial features and tools and includes Oracle Premier Support for current and previous Java SE versions.

Since the release of Java SE 8, Oracle and the Java community have collaborated on more than 100 new enhancements that were added through JDK 9, 10 and 11. Oracle is throwing a spotlight on two in this update: support for HTTP/2 and TLS 1.3. HTTP/2 is a major revision of the HTTP network protocol. Oracle is providing the support via a new HTTP client API (JEP 110), currently an incubator module. The Transportation Layer Security (TLS) 1.3 protocol, which is the successor to SSL (Secure Sockets Layer), is also supported (JEP 332). TLS provides secure communication between Web browsers and servers.

"The new Java release cycle for Java SE means that important security protocols and other standards such as TLS 1.3 can be released and adopted rapidly," said Jim Manico, co-author of "Iron Clad Java" and founder of Manicode Security, in a statement, "giving application developers more tools to write secure software with the world's most popular language -- Java!"

The list of other features Oracle is highlighting in the JDK 11 release includes:

• Nest-based access controls: eliminates the need for compilers to insert accessibility-broadening bridge methods.
• Dynamic class-file constants: reduces the cost and disruption of creating new forms of materializable class-file constants and offers broader options for expressivity and performance.
• ZGC: a completely passive GC implementation with a bounded allocation limit and the lowest latency overhead possible.
• Flight Recorder: low overhead data collection framework for troubleshooting Java applications and the HotSpot JVM.

Further information can be found at oracle.com.