Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8273413

SunJSSE Provider protocol list out of date

XMLWordPrintable

    • b06
    • generic
    • generic

        A DESCRIPTION OF THE PROBLEM :
        In 8 the 'Protocols' item under SunJSSE in SunProviders notes that in 8u31 up SSLv3 is disabled by security property, but lists TLSv1 (meaning 1.0) and TLSv1.1 as enabled and does not note that in 8u291 up they are similarly disabled. (The Customizing section in JSSERefGuide _does_ show this and other recent changes to jdk.tls.disabledAlgorithms if you know to look there.)

        Similarly in 11 the 'SunJSSE Provider Protocol Parameters' item under SunJSSE in oracle-providers shows SSLv3 as disabled but not TLSv1 and TLSv1.1 which are disabled in 11.0.11 up; this one links to the Customizing section in java-secure-socket-extension-jsse-reference-guide which does show this. And similarly in 16 where 1.0 and 1.1 are disabled in _all_ updates (including '16.0.0').


              rgallard Raymond Gallardo
              webbuggrp Webbug Group
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: