Loading...

XML

Word

Printable

Type: Enhancement
Resolution: Fixed
Priority: P3
Fix Version/s: 14
Affects Version/s: None
Component/s: security-libs
Labels:

Subcomponent:
javax.net.ssl
Resolved In Build:
b27

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8303557	11.0.19	Goetz Lindenmaier	P3	Resolved	Fixed	b05

SSLv3 is disabled by default because it is included in the jdk.tls.disabledAlgorithms security property, but we should also remove SSLv3 from the default enabled protocols of the JDK implementation. RFC 7568 says that SSLv3 should not be used.

backported by

JDK-8303557 Remove SSLv2Hello and SSLv3 from default enabled TLS protocols

Resolved

csr for

JDK-8235350 Remove SSLv2Hello and SSLv3 from default enabled TLS protocols

Closed

relates to

JDK-8235448 code cleanup in SSLContextImpl.java

Resolved

links to

Commit openjdk/jdk11u-dev/de6d2c9b

Review openjdk/jdk11u-dev/1787

Release Note: Removed SSLv2Hello and SSLv3 From Default Enabled TLS Protocols

Closed

Rajan Halade

Assignee:: Rajan Halade

Reporter:: Sean Mullan

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Due:: 2019-12-06

Created:: 2017-11-01 12:59

Updated:: 2023-03-03 00:51

Resolved:: 2019-12-09 21:43

Details

Backports

Description

Attachments

Issue Links

Sub-Tasks

Activity

People

Dates