Donaldhan
diff --git a/‎src/main/java/com/rabbitmq/client/ConnectionFactory.java
Lines changed: 15 additions & 3 deletions b/‎src/main/java/com/rabbitmq/client/ConnectionFactory.java
Lines changed: 15 additions & 3 deletions
diff --git a/‎src/test/java/com/rabbitmq/client/test/ssl/ConnectionFactoryDefaultTlsVersion.java
Lines changed: 29 additions & 0 deletions b/‎src/test/java/com/rabbitmq/client/test/ssl/ConnectionFactoryDefaultTlsVersion.java
Lines changed: 29 additions & 0 deletions
diff --git a/‎src/test/java/com/rabbitmq/client/test/ssl/SSLTests.java
Lines changed: 2 additions & 1 deletion b/‎src/test/java/com/rabbitmq/client/test/ssl/SSLTests.java
Lines changed: 2 additions & 1 deletion
@@ -81,8 +81,9 @@ public class ConnectionFactory implements Cloneable {
      *  zero means wait indefinitely */
     public static final int    DEFAULT_SHUTDOWN_TIMEOUT = 10000;
 
-    /** The default SSL protocol */
-    private static final String DEFAULT_SSL_PROTOCOL = "TLSv1";
+    private static final String PREFERED_TLS_PROTOCOL = "TLSv1.2";
+
+    private static final String FALLBACK_TLS_PROTOCOL = "TLSv1";
 
     private String username                       = DEFAULT_USER;
     private String password                       = DEFAULT_PASS;
@@ -552,7 +553,7 @@ public boolean isSSL(){
     public void useSslProtocol()
         throws NoSuchAlgorithmException, KeyManagementException
     {
-        useSslProtocol(DEFAULT_SSL_PROTOCOL);
+        useSslProtocol(computeDefaultTlsProcotol(SSLContext.getDefault().getSupportedSSLParameters().getProtocols()));
     }
 
     /**
@@ -589,6 +590,17 @@ public void useSslProtocol(SSLContext context) {
         setSocketFactory(context.getSocketFactory());
     }
 
+    public String computeDefaultTlsProcotol(String [] supportedProtocols) {
+        if(supportedProtocols != null) {
+            for (String supportedProtocol : supportedProtocols) {
+                if(PREFERED_TLS_PROTOCOL.equalsIgnoreCase(supportedProtocol)) {
+                    return supportedProtocol;
+                }
+            }
+        }
+        return FALLBACK_TLS_PROTOCOL;
+    }
+
     /**
      * Returns true if <a href="http://www.rabbitmq.com/api-guide.html#recovery">automatic connection recovery</a>
      * is enabled, false otherwise
 
@@ -0,0 +1,29 @@
+package com.rabbitmq.client.test.ssl;
+
+import com.rabbitmq.client.ConnectionFactory;
+import junit.framework.TestCase;
+import org.junit.Assert;
+
+public class ConnectionFactoryDefaultTlsVersion extends TestCase {
+
+    private ConnectionFactory connectionFactory = new ConnectionFactory();
+
+    public void testDefaultTlsVersionJdk16ShouldTakeFallback() {
+        String [] supportedProtocols = {"SSLv2Hello", "SSLv3", "TLSv1"};
+        String tlsProtocol = connectionFactory.computeDefaultTlsProcotol(supportedProtocols);
+        Assert.assertEquals("TLSv1",tlsProtocol);
+    }
+
+    public void testDefaultTlsVersionJdk17ShouldTakePrefered() {
+        String [] supportedProtocols = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"};
+        String tlsProtocol = connectionFactory.computeDefaultTlsProcotol(supportedProtocols);
+        Assert.assertEquals("TLSv1.2",tlsProtocol);
+    }
+
+    public void testDefaultTlsVersionJdk18ShouldTakePrefered() {
+        String [] supportedProtocols = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"};
+        String tlsProtocol = connectionFactory.computeDefaultTlsProcotol(supportedProtocols);
+        Assert.assertEquals("TLSv1.2",tlsProtocol);
+    }
+
+}
@@ -24,7 +24,8 @@
 public class SSLTests extends AbstractRMQTestSuite {
     public static TestSuite suite() {
         TestSuite suite = new TestSuite("ssl");
-        //Skip the tests if not under umbrella and not SSL available
+        suite.addTestSuite(ConnectionFactoryDefaultTlsVersion.class);
+        // Skip the tests if not under umbrella and no TLS setup available
         if (!requiredProperties()) return suite;
         if (!(isUnderUmbrella() && isSSLAvailable())) return suite;
         suite.addTestSuite(UnverifiedConnection.class);