Affects Version/s: 7.0.0, 7.1.0
The admin guide configures a connection handler using TLS 1.3 and the TLS_EMPTY_RENEGOTIATION_INFO_SCSV pseudo cipher from RFC 5746: https://backstage.forgerock.com/docs/ds/7/security-guide/connections.html#tls-restrict-protocols-and-cipher-suites
However it seems like this pseudo cipher is an extension for TLS 1.2 and is not permitted by TLS 1.3. RFC 8446:
Although TLS 1.3 uses the same cipher suite space as previous
versions of TLS, TLS 1.3 cipher suites are defined differently, only
specifying the symmetric ciphers, and cannot be used for TLS 1.2.
Similarly, cipher suites for TLS 1.2 and lower cannot be used with
It isn't very clear what Java's TLS 1.3 code will do with this (ignore it?), but it seems prudent to remove it from the examples if the intention is to only allow TLS 1.3.