Details
-
Type:
Enhancement
-
Status: Resolved
-
Priority:
P3
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 14
-
Component/s: security-libs
-
Subcomponent:
-
Resolved In Build:b27
Description
SSLv3 is disabled by default because it is included in the jdk.tls.disabledAlgorithms security property, but we should also remove SSLv3 from the default enabled protocols of the JDK implementation. RFC 7568 says that SSLv3 should not be used.
Attachments
Issue Links
- csr for
-
JDK-8235350 Remove SSLv2Hello and SSLv3 from default enabled TLS protocols
-
- Closed
-
- relates to
-
JDK-8235448 code cleanup in SSLContextImpl.java
-
- Resolved
-