TLS versions: The allowable versions of TLS protocol can be restricted using the connection properties enabledTLSProtocols and, for X DevAPI connections and for release 8.0.19 and later, xdevapi.tls-versions (when xdevapi.tls-versions is not specified, it takes up the value of enabledTLSProtocols). If no such restrictions have been specified, Connector/J attempts to connect to the server with the following TLS versions: TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 for MySQL Community Servers 8.0, 5.7.28 and later, and 5.6.46 and later, and for all commercial versions of MySQL Servers. TLSv1,TLSv1.1 for all other versions of MySQL Servers.
Notes For Connector/J 8.0.26 and later: The TLSv1 and TLSv1.1 protocols have been deprecated. While connections to the server using those TLS versions can still be made with the same negotiation process as described above, for any connections established using those TLS versions, Connector/J writes to its logger the message "This connection is using TLSv1[.1] which is now deprecated and will be removed in a future release of Connector/J."
For Connector/J 8.0.18 and earlier when connecting to MySQL Community Server 5.6 and 5.7 using the JDBC API: Due to compatibility issues with MySQL Server compiled with yaSSL, Connector/J does not enable connections with TLSv1.2 and higher by default. When connecting to servers that restrict connections to use those higher TLS versions, enable them explicitly by setting the Connector/J connection property enabledTLSProtocols (e.g., set enabledTLSProtocols=TLSv1,TLSv1.1,TLSv1.2).