Stop using a specific, hardcoded SSL Context.
Openfire (in EncryptionFactory, potentially other places) uses a SSLContext that's TLSv1, hardcoded. This was probably a good, strong choice at the time it was written, but it's starting to become a mediocre choice now.
Openfire should not hardcode the setting - the default setting should be increased.
Interestingly, Java allows you to use a version named 'default' - which probably is going to be something that's deemed appropriate in a particular version of Java.
Openfire should allow the context version to be updated, and should probably use 'default' if no explicit configuration is given.
picked onto 4.4 branch
Testing commit on Ignite and then will backport to 4.4 if OK.