JDK-8190492 : Remove SSLv2Hello and SSLv3 from default enabled TLS protocols
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2017-11-01
  • Updated: 2022-11-18
  • Resolved: 2019-12-10
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 14
14 b27Fixed
Related Reports
CSR :  
Relates :  
Sub Tasks
JDK-8235639 :  
Description
SSLv3 is disabled by default because it is included in the jdk.tls.disabledAlgorithms security property, but we should also remove SSLv3 from the default enabled protocols of the JDK implementation. RFC 7568 says that SSLv3 should not be used.


Comments
URL: https://hg.openjdk.java.net/jdk/jdk/rev/9ea6521df290 User: rhalade Date: 2019-12-10 05:38:56 +0000
10-12-2019