-
Enhancement
-
Resolution: Fixed
-
P3
-
None
-
b27
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8303557 | 11.0.19 | Goetz Lindenmaier | P3 | Resolved | Fixed | b05 |
SSLv3 is disabled by default because it is included in the jdk.tls.disabledAlgorithms security property, but we should also remove SSLv3 from the default enabled protocols of the JDK implementation. RFC 7568 says that SSLv3 should not be used.
- backported by
-
JDK-8303557 Remove SSLv2Hello and SSLv3 from default enabled TLS protocols
-
- Resolved
-
- csr for
-
JDK-8235350 Remove SSLv2Hello and SSLv3 from default enabled TLS protocols
-
- Closed
-
- relates to
-
JDK-8235448 code cleanup in SSLContextImpl.java
-
- Resolved
-