Code review request, JDK-8052406, SSLv2Hello protocol may be filter out unexpectedly
Wang Weijun
weijun.wang at oracle.com
Fri Aug 1 04:53:07 UTC 2014
On Jul 31, 2014, at 10:15, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>> The server side now only enables TLS_RSA_WITH_AES_128_CBC_SHA256. If other protocols are enabled,
Oh, typo. I meant to ask: "If other cipher suites are enabled, what will be the difference?"
--Max
>> what will be the difference? You mean TLS 1.0 and 1.1 has built-in support for SSLv2Hello but TLS 1.2 does not?
>>
> Protocols other then TLS v1.2 and SSLv2Hello would be filtered out,
> i.e., cannot be negotiated as there is no suitable cipher suite for
> those protocols ("TLS_RSA_WITH_AES_128_CBC_SHA256" only applies to TLS 1.2).
More information about the security-dev
mailing list