-
Bug
-
Resolution: Fixed
-
P3
-
8, 11, 16
-
b06
-
generic
-
generic
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8273499 | 11.0.14-oracle | Raymond Gallardo | P3 | Resolved | Fixed | |
JDK-8277354 | 8u331 | Raymond Gallardo | P3 | Resolved | Fixed | b01 |
A DESCRIPTION OF THE PROBLEM :
In 8 the 'Protocols' item under SunJSSE in SunProviders notes that in 8u31 up SSLv3 is disabled by security property, but lists TLSv1 (meaning 1.0) and TLSv1.1 as enabled and does not note that in 8u291 up they are similarly disabled. (The Customizing section in JSSERefGuide _does_ show this and other recent changes to jdk.tls.disabledAlgorithms if you know to look there.)
Similarly in 11 the 'SunJSSE Provider Protocol Parameters' item under SunJSSE in oracle-providers shows SSLv3 as disabled but not TLSv1 and TLSv1.1 which are disabled in 11.0.11 up; this one links to the Customizing section in java-secure-socket-extension-jsse-reference-guide which does show this. And similarly in 16 where 1.0 and 1.1 are disabled in _all_ updates (including '16.0.0').
In 8 the 'Protocols' item under SunJSSE in SunProviders notes that in 8u31 up SSLv3 is disabled by security property, but lists TLSv1 (meaning 1.0) and TLSv1.1 as enabled and does not note that in 8u291 up they are similarly disabled. (The Customizing section in JSSERefGuide _does_ show this and other recent changes to jdk.tls.disabledAlgorithms if you know to look there.)
Similarly in 11 the 'SunJSSE Provider Protocol Parameters' item under SunJSSE in oracle-providers shows SSLv3 as disabled but not TLSv1 and TLSv1.1 which are disabled in 11.0.11 up; this one links to the Customizing section in java-secure-socket-extension-jsse-reference-guide which does show this. And similarly in 16 where 1.0 and 1.1 are disabled in _all_ updates (including '16.0.0').
- backported by
-
JDK-8273499 SunJSSE Provider protocol list out of date
- Resolved
-
JDK-8277354 SunJSSE Provider protocol list out of date
- Resolved
- relates to
-
JDK-8202343 Disable TLS 1.0 and 1.1
- Resolved