Is TLSv1.3 supported in OpenJDK 11 under Ubuntu?

Question

On Ubuntu 18.04

sudo apt install openjdk-11-source

results in a ProtocolVersion.java that does not know about TLSv1.3 . Is there any way to correct that (without restrictive licencing)?

Answer 1

It seems that for some reason, Ubuntu actually ships Java 10 under openjdk-11-* packages.

Answer 2

Update

Since April 23rd 2019, Ubuntu (18.04 LTS and more recent editions) ships with a JRE/JDK version 11.0.3. For this reason, the original answer by alamar is outdated.

For reasons of curiosity, I wrote a little TLS v1.3 check tool that programmatically checks the TLS v1.3 support of a target runtime environment. This way, one can quickly spot what's going on:

public class TLS13Checker {

    public static void main(String[] args) {
        SSLContext context = null;
        try {
            KeyStore keyStore = KeyStore.getInstance("pkcs12");
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
            trustManagerFactory.init(keyStore);
            TrustManager[] trustAllCerts = trustManagerFactory.getTrustManagers();
            context = SSLContext.getInstance("TLSv1.3");
            context.init(null, trustAllCerts, new SecureRandom());

            SSLParameters params = context.getSupportedSSLParameters();
            String[] protocols = params.getProtocols();
            System.out.println("Java version : " + System.getProperty("java.runtime.version"));
            boolean supportsTLSv13 = false;
            for (String protocol : protocols) {
                if ("TLSv1.3".equals(protocol)) {
                    supportsTLSv13 = true;
                    break;
                }
            }
            if(supportsTLSv13) {
                System.out.println("JRE supports TLS v1.3!");
            } else {
                System.out.println("JRE does NOT support TLS v1.3!");
            }
            String[] suites = params.getCipherSuites();
            System.out.println("A total of " + suites.length + " TLS cipher suites is supported.");

        } catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException e) {
            e.printStackTrace();
            System.exit(42);
        }

    }
}

You can simply compile and run it, and the output will be similar to what I got with a recent OpenJDK environment (under MacOS):

Java version : 11.0.3+7
JRE supports TLS v1.3!
A total of 45 TLS cipher suites is supported.

In addition, this list gives an overview over all regular JSSE Cipher Suite Names. It might be helpful for reference or other (implementation) purposes.

Hope it helps.