From 9471eff332c33e104ec5f7a934c9b5472d6a0dc0 Mon Sep 17 00:00:00 2001
From: olivier lamy <oliver.lamy@gmail.com>
Date: Sat, 9 Mar 2019 12:14:08 +1000
Subject: [PATCH] Issue #3425 upgrade conscrypt to 2.0.0 add note to disable
 TLS 1.3 for Java 8

Signed-off-by: olivier lamy <oliver.lamy@gmail.com>
---
 .../main/asciidoc/configuring/connectors/configuring-ssl.adoc  | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/jetty-documentation/src/main/asciidoc/configuring/connectors/configuring-ssl.adoc b/jetty-documentation/src/main/asciidoc/configuring/connectors/configuring-ssl.adoc
index eff950eb2ef..6abde51fe5f 100644
--- a/jetty-documentation/src/main/asciidoc/configuring/connectors/configuring-ssl.adoc
+++ b/jetty-documentation/src/main/asciidoc/configuring/connectors/configuring-ssl.adoc
@@ -739,6 +739,9 @@ sslContextFactory.setProvider("Conscrypt");
 
 If you are using the Jetty Distribution, please see the section on enabling the link:#jetty-conscrypt-distribution[Conscrypt SSL module.]
 
+If you are using Conscrypt with Java 8, you must exclude `TLSv1.3` protocol as it is now enabled per default with Conscrypt 2.0.0 but not supported by Java 8.
+
+
 ==== Configuring SNI
 
 From Java 8, the JVM contains support for the http://en.wikipedia.org/wiki/Server_Name_Indication[Server Name Indicator (SNI)] extension, which allows a SSL connection handshake to indicate one or more DNS names that it applies to.