[JDK-8190492] Remove SSLv2Hello and SSLv3 from default enabled TLS protocols - Java Bug System

XML

Word

Printable

Details

Type: Enhancement
Status: Resolved
Priority: P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 14
Component/s: security-libs
Labels:
- release-note=yes
- security-disabled-algs-sslv3

Subcomponent:
javax.net.ssl
Resolved In Build:
b27

Description

SSLv3 is disabled by default because it is included in the jdk.tls.disabledAlgorithms security property, but we should also remove SSLv3 from the default enabled protocols of the JDK implementation. RFC 7568 says that SSLv3 should not be used.

Attachments

Issue Links

csr for

JDK-8235350 Remove SSLv2Hello and SSLv3 from default enabled TLS protocols

Closed

relates to

JDK-8235448 code cleanup in SSLContextImpl.java

Resolved

Options

Sub-Tasks

Release Note: Removed SSLv2Hello and SSLv3 From Default Enabled TLS Protocols

Closed

Rajan Halade

Activity

People

Assignee:: Rajan Halade

Reporter:: Sean Mullan

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Due:: 2019-12-06

Created:: 2017-11-01 12:59

Updated:: 2019-12-16 19:32

Resolved:: 2019-12-09 21:43