Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8190492

Remove SSLv2Hello and SSLv3 from default enabled TLS protocols

    XMLWordPrintable

Details

    Backports

      Description

        SSLv3 is disabled by default because it is included in the jdk.tls.disabledAlgorithms security property, but we should also remove SSLv3 from the default enabled protocols of the JDK implementation. RFC 7568 says that SSLv3 should not be used.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8303557 Remove SSLv2Hello and SSLv3 from default enabled TLS protocols

            • P3 - Major loss of function.
            • Resolved
            csr for

            CSR - null JDK-8235350 Remove SSLv2Hello and SSLv3 from default enabled TLS protocols

            • P3 - Major loss of function.
            • Closed
            relates to

            Bug - A problem which impairs or prevents the functions of the product. JDK-8235448 code cleanup in SSLContextImpl.java

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved
            links to

            Commit Commit openjdk/jdk11u-dev/de6d2c9b

            Review Review openjdk/jdk11u-dev/1787

            Activity

              People

                rhalade Rajan Halade
                mullan Sean Mullan
                Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: