JDK-6409286 : Vista: enable HTTPS protocol TLSv1 instead of SSLv2 by default and Text changes
  • Type: Bug
  • Component: deploy
  • Sub-Component: plugin
  • Affected Version: 5.0,6
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: windows,windows_xp
  • CPU: x86
  • Submitted: 2006-04-05
  • Updated: 2010-04-04
  • Resolved: 2006-04-19
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other JDK 6
5.0u10Fixed 6 b81Fixed
Related Reports
Duplicate :  
JDK-6373611 - Java 5.0 update 6
Description
HTTPS uses encryption to secure your internet traffic to protect if from snooping or tampering by others on the network. HTTPS uses either the Secure Sockets Layer (SSL) or the Transport Layer Security (TLS)protocols to protect data.

For IE 7, the default HTTPS protocol settings will be changed to disable the weaker SSLv2 protocol and to enable the stronger TLSv1 protocol. Hence, by default, IE7 users will negotiate HTTPS connections using SSLv3 or TLSv1.

Our Mustang release will target to user which have or will have IE installed on their machine, so we will changed the default HTTPS protocol using SSLv3 and TLSv1 instead of SSLv2 and SSLv3, which is the same default configuration in IE7.

Generally, user will not notice any difference in the user-experience due to this change; it's a silent improvement in security. Currently there are only a handful of sites left on the internet that require SSLv2, and they will still be able to use SSLv2 by changing this option in Java control panel.
Comments
EVALUATION This bug will be fixed in Mustang B81.
05-04-2006