The PKCS11 library will not support SSLv3 since Solaris 12. If SunPKCS11 is preferred, and a client request to negotiate SSL 3.0, the JSSE implementation is not able to select the underlying provider properly. It would be nice if we can detect the crypto provider ability and select the provider properly.