Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8297746

Release Note: Removed SSLv2Hello and SSLv3 From Default Enabled TLS Protocols

XMLWordPrintable

      SSLv2Hello and SSLv3 have been removed from the default enabled TLS protocols.

      After this update, if SSLv3 is removed from the `jdk.tls.disabledAlgorithms` security property, the `SSLSocket.getEnabledProtocols()`, `SSLServerSocket.getEnabledProtocols()`, `SSLEngine.getEnabledProtocols()` and `SSLParameters.getProtocols()` APIs will return "TLSv1.2". "SSLv3" will not be returned in this list.

      If a client or server still needs to use the SSLv3 protocol they can do so by enabling it through the `jdk.tls.client.protocols` or `jdk.tls.server.protocols` system properties or with the `SSLSocket.setEnabledProtocols()`, `SSLServerSocket.setEnabledProtocols()` and `SSLEngine.setEnabledProtocols()` APIs.

            jnibedita Nibedita Jena
            rhalade Rajan Halade
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: