Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8190492 Remove SSLv2Hello and SSLv3 from default enabled TLS protocols
  3. JDK-8235639

Release Note: Removed SSLv2Hello and SSLv3 From Default Enabled TLS Protocols

    XMLWordPrintable

Details

    • Sub-task
    • Status: Closed
    • P3
    • Resolution: Delivered
    • 7u381, 8u371, 11.0.19-oracle, 14
    • 14
    • security-libs

    Backports

      Description

        SSLv2Hello and SSLv3 have been removed from the default enabled TLS protocols.

        After this update, if SSLv3 is removed from the `jdk.tls.disabledAlgorithms` security property, the `SSLSocket.getEnabledProtocols()`, `SSLServerSocket.getEnabledProtocols()`, `SSLEngine.getEnabledProtocols()` and `SSLParameters.getProtocols()` APIs will return "TLSv1.3, TLSv1.2, TLSv1.1, TLSv1". "SSLv3" will not be returned in this list.

        If a client or server still needs to use the SSLv3 protocol they can do so by enabling it through the `jdk.tls.client.protocols` or `jdk.tls.server.protocols` system properties or with the `SSLSocket.setEnabledProtocols()`, `SSLServerSocket.setEnabledProtocols()` and `SSLEngine.setEnabledProtocols()` APIs.

        Attachments

          Issue Links

            Activity

              People

                rhalade Rajan Halade
                rhalade Rajan Halade
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: