How to find what SSL/TLS version is used in Java

Get the SSLSession from your SSLSocket on your client and use its getProtocol() method.

Oracle JRE/OpenJDK 6 supports SSLv3 and TLS 1.0. You would need at least the IBM JRE 6/7 or Oracle JRE/OpenJDK 7 to get support for TLS 1.1 and TLS 1.2. (This is also related to the available cipher suites, as mentioned in this question.)


You can use the following snippet to get an array of the supported protocols:

SSLContext.getDefault().getSupportedSSLParameters().getProtocols()

If you want it as a whitespace delimited string, e.g. for SMTP negotiation, pass the array to String.join(), i.e.:

String.join(" ", SSLContext.getDefault().getSupportedSSLParameters().getProtocols())

The latter snippet shows in Java 8 on Windows:

SSLv2Hello SSLv3 TLSv1 TLSv1.1 TLSv1.2

And in Java 11 on Windows:

TLSv1.3 TLSv1.2 TLSv1.1 TLSv1 SSLv3 SSLv2Hello


for tomcat 8.5.38 and 8.5.46 (and probably tomcat 7.0x and newer) adding this to the AccessLogValve pattern (in server.xml) - and enabling that Valve - will show the TLS version in use:

%{org.apache.tomcat.util.net.secure_protocol_version}r

eg
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" %{org.apache.tomcat.util.net.secure_protocol_version}r />