- Bug
- Resolution: Not an Issue
- P3
- 8
HTTPS connections can be established when the client enables TLSv1.2 only and the server does not support TLSv1.2. The server is configured to respond with TLSv1. The client is expected to reject the server's response, since it does not support TLS 1.0.
The issue can be reproduced on Windows 32-bit with the JDK 8 CPU bundles b123 from http://jre.us.oracle.com/java/re/jdk/8-cpu1401/promoted/ea/b123/bundles.
1. In the JCP (Java Control Panel) Advanced tab, disable TLS 1.0/1.1/SSL 3.0 and leave only TLS 1.2 checked.
2. Change the security slider setting to Medium, or import the certificate used to sign the applet from:
http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/larry/bugreport/tmpcert/myKeystoreValid. (alias=validSelfSign password="changeit")
3. Unzip the Tomcat package from the link below. The package is configured with TLSv1 enabled.
http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/larry/bugreport/tls/apache-tomcat-tls.zip
4. Start Tomcat and open the link below in the browser. Accept the warning dialogs that follow.
http://127.0.0.1:8080/tls_low/html/testConnectHttpsNeg.html
5. If you see log output like the following, which indicates that the TLSv1-enabled HTTPS server could be connected to, the bug is reproduced:
the content lenght is: 300
Connection SUCCESSFUL...
6. Expected behavior:
After disabling TLS 1.0/1.1 in the JCP, the TLSv1-enabled server should not be contactable.
The source of the applets can be found at:
http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/larry/bugreport/tls/src
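The behavior the report expects, enforced in the client code itself rather than through the Java Control Panel: the example below (added here, not part of the report's applet sources) wraps the default SSLSocketFactory so every socket handed to HttpsURLConnection is pinned to TLSv1.2 before the handshake, and treats a handshake failure as the correct outcome against a TLSv1-only server. The HTTPS URL is a hypothetical placeholder (the report only gives the plain-HTTP port 8080), and the server certificate is assumed to be trusted by the client truststore.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Delegating factory that pins every socket it hands out to TLSv1.2. */
public final class Tls12OnlyFactory extends SSLSocketFactory {
    private static final String[] ALLOWED = { "TLSv1.2" };
    private final SSLSocketFactory delegate;

    public Tls12OnlyFactory(SSLSocketFactory delegate) { this.delegate = delegate; }

    // Applied before the handshake starts, so TLSv1/TLSv1.1 are neither offered nor accepted.
    private Socket restrict(Socket s) {
        ((SSLSocket) s).setEnabledProtocols(ALLOWED);
        return s;
    }

    @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    @Override public Socket createSocket(Socket s, String host, int port, boolean autoClose)
            throws IOException { return restrict(delegate.createSocket(s, host, port, autoClose)); }
    @Override public Socket createSocket(String host, int port)
            throws IOException { return restrict(delegate.createSocket(host, port)); }
    @Override public Socket createSocket(String host, int port, InetAddress local, int localPort)
            throws IOException { return restrict(delegate.createSocket(host, port, local, localPort)); }
    @Override public Socket createSocket(InetAddress host, int port)
            throws IOException { return restrict(delegate.createSocket(host, port)); }
    @Override public Socket createSocket(InetAddress host, int port, InetAddress local, int localPort)
            throws IOException { return restrict(delegate.createSocket(host, port, local, localPort)); }

    public static void main(String[] args) throws Exception {
        // Hypothetical HTTPS endpoint: the report does not state the Tomcat HTTPS port.
        URL url = new URL(args.length > 0 ? args[0] : "https://127.0.0.1:8443/tls_low/");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(new Tls12OnlyFactory((SSLSocketFactory) SSLSocketFactory.getDefault()));
        try {
            conn.connect();
            System.out.println("Connected over TLSv1.2, HTTP status " + conn.getResponseCode());
        } catch (SSLHandshakeException e) {
            // Expected against a server that only offers TLSv1: the handshake is refused, no data flows.
            System.out.println("Connection REJECTED: " + e.getMessage());
        }
    }
}
```

For HttpsURLConnection the `https.protocols` system property (for example `-Dhttps.protocols=TLSv1.2`) restricts the offered versions the same way without code; the factory approach also lets the client verify the restriction is in effect for a specific connection.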