The Java Cryptographic Roadmap has been updated [3]:
Distrust TLS 1.0 and TLS 1.1 by default
TLS protocol versions 1.0 and 1.1 are no longer considered
secure and have been superseded by more secure and modern
versions (TLS 1.2 and 1.3). This change has been integrated
with JDK 16 Early Access build 26.
Upgrade of default algorithms used to encrypt PKCS12 keystores
The new algorithms are based on AES-256 and SHA-256 and are
stronger than the old algorithms which were based on RC2,
DESede, and SHA-1.This change is already included in JDK 16
Early Access build 23.