SSLParameters support the following properties (as per Spring notation): cipherSuites, protocols, wantClientAuth, needClientAuth, algorithmConstraints, endpointIdentificationAlgorithm, serverNames, SNIMatchers, useCipherSuitesOrder.

However, in the SSL{Socket, ServerSocket, Engine}.setSSLParameters it is apparent that only cipherSuites, protocols, wantClientAuth, needClientAuth are used. What's the rest of SSLParameters are for?

Are they just for custom heavyweight implementations such as HTTPS clients, and as such not used at all by JVM? Is the support for these features located elsewhere, if so, where? Is useCipherSuitesOrder supported by JVM, where? Is it actually a desired feature?

Another question is that SSLParameters has protocols, but they are applied to e.g. SSLSocket already created using SSLContext, which already has a single protocol chosen. In which contexts does this make sense? Can you pre-apply SSLParameters to SSLContext? Can you have widest possible SSLContext and then constrain it using SSLParameters? E.g. does it make sense to have SSLContext of protocol "TLS" and then use SSLParameters of protocols {"TLSv1.1", "TLSv1.2"} to only have a subset of TLS cipher suites? Is "TLS" a superset of all "TLSv1.x"?

Years later I can answer my own question: Apparently, when you call ctx.createSSLEngine() an instance of vendor-specific SSLEngine will be returned, such as sun.security.ssl.SSLEngineImpl, which will make more thorough use of passed SSLParameters by passing them to sun.security.ssl.SSLConfiguration#setSSLParameters.