-
Backport
-
Resolution: Delivered
-
P3
-
8u371, 11.0.19-oracle
SSLv2Hello and SSLv3 have been removed from the default enabled TLS protocols.
After this update, if SSLv3 is removed from the `jdk.tls.disabledAlgorithms` security property, the `SSLSocket.getEnabledProtocols()`, `SSLServerSocket.getEnabledProtocols()`, `SSLEngine.getEnabledProtocols()` and `SSLParameters.getProtocols()` APIs will return "TLSv1.3, TLSv1.2". "SSLv3" will not be returned in this list.
If a client or server still needs to use the SSLv3 protocol they can do so by enabling it through the `jdk.tls.client.protocols` or `jdk.tls.server.protocols` system properties or with the `SSLSocket.setEnabledProtocols()`, `SSLServerSocket.setEnabledProtocols()` and `SSLEngine.setEnabledProtocols()` APIs.
After this update, if SSLv3 is removed from the `jdk.tls.disabledAlgorithms` security property, the `SSLSocket.getEnabledProtocols()`, `SSLServerSocket.getEnabledProtocols()`, `SSLEngine.getEnabledProtocols()` and `SSLParameters.getProtocols()` APIs will return "TLSv1.3, TLSv1.2". "SSLv3" will not be returned in this list.
If a client or server still needs to use the SSLv3 protocol they can do so by enabling it through the `jdk.tls.client.protocols` or `jdk.tls.server.protocols` system properties or with the `SSLSocket.setEnabledProtocols()`, `SSLServerSocket.setEnabledProtocols()` and `SSLEngine.setEnabledProtocols()` APIs.
- backport of
-
-
- Closed
-