-
Bug
-
Resolution: Fixed
-
P2
-
5.0
-
b48
-
x86
-
windows_xp
By default, the handshaking protocols in HTTPS/JSSE is enabled for TLSv1, SSLv3, and SSLv2Hello.
http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html
However, it turned out that many commercial servers out there (e.g. Lotus Domino) are not quite compatible with TLSv1, so making HTTPS connections to these servers would fail (See attachment). As a result,
plugin currently disable TLSv1 by setting "https.protocol" to the following:
https.protocols = SSLv3,SSLv2Hello
IE also disables TLSv1 but enable SSLv3 and SSLv2 as the default settings for the same reason.
Webstart currently doesn't customize "https.protocols" so it enables TLSv1 by default. Many webstart customers will encounter this issue down the road as webstart becomes more popular for deployment.
###@###.### 2004-03-30
###@###.### 2004-03-30
http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html
However, it turned out that many commercial servers out there (e.g. Lotus Domino) are not quite compatible with TLSv1, so making HTTPS connections to these servers would fail (See attachment). As a result,
plugin currently disable TLSv1 by setting "https.protocol" to the following:
https.protocols = SSLv3,SSLv2Hello
IE also disables TLSv1 but enable SSLv3 and SSLv2 as the default settings for the same reason.
Webstart currently doesn't customize "https.protocols" so it enables TLSv1 by default. Many webstart customers will encounter this issue down the road as webstart becomes more popular for deployment.
###@###.### 2004-03-30
###@###.### 2004-03-30