Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8190492 Remove SSLv2Hello and SSLv3 from default enabled TLS protocols
  3. JDK-8235639

Release Note: Removed SSLv2Hello and SSLv3 From Default Enabled TLS Protocols

    XMLWordPrintable

    Details

      Description

      SSLv2Hello and SSLv3 have been removed from the default enabled TLS protocols.

      After this update, if SSLv3 is removed from the `jdk.tls.disabledAlgorithms` security property, the `SSLSocket.getEnabledProtocols()`, `SSLServerSocket.getEnabledProtocols()`, `SSLEngine.getEnabledProtocols()` and `SSLParameters.getProtocols()` APIs will return "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1". "SSLv3" will not be returned in this list.

      If a client or server still needs to use the SSLv3 protocol they can do so by enabling it through the `jdk.tls.client.protocols` or `jdk.tls.server.protocols` system properties or with the `SSLSocket.setEnabledProtocols()`, `SSLServerSocket.setEnabledProtocols()` and `SSLEngine.setEnabledProtocols()` APIs.

        Attachments

          Activity

            People

            Assignee:
            rhalade Rajan Halade
            Reporter:
            rhalade Rajan Halade
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: