Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8273413

SunJSSE Provider protocol list out of date

    XMLWordPrintable

    Details

    • Subcomponent:
    • CPU:
      generic
    • OS:
      generic

      Backports

        Description

        A DESCRIPTION OF THE PROBLEM :
        In 8 the 'Protocols' item under SunJSSE in SunProviders notes that in 8u31 up SSLv3 is disabled by security property, but lists TLSv1 (meaning 1.0) and TLSv1.1 as enabled and does not note that in 8u291 up they are similarly disabled. (The Customizing section in JSSERefGuide _does_ show this and other recent changes to jdk.tls.disabledAlgorithms if you know to look there.)

        Similarly in 11 the 'SunJSSE Provider Protocol Parameters' item under SunJSSE in oracle-providers shows SSLv3 as disabled but not TLSv1 and TLSv1.1 which are disabled in 11.0.11 up; this one links to the Customizing section in java-secure-socket-extension-jsse-reference-guide which does show this. And similarly in 16 where 1.0 and 1.1 are disabled in _all_ updates (including '16.0.0').


          Attachments

            Issue Links

              Activity

                People

                Assignee:
                rgallard Raymond Gallardo
                Reporter:
                webbuggrp Webbug Group
                Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                  Dates

                  Created:
                  Updated: