Code review request, JDK-8052406, SSLv2Hello protocol may be filter out unexpectedly
Xuelei Fan
xuelei.fan at oracle.com
Fri Aug 1 08:27:52 UTC 2014
On 8/1/2014 12:53 PM, Wang Weijun wrote:
>
> On Jul 31, 2014, at 10:15, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>
>>> The server side now only enables TLS_RSA_WITH_AES_128_CBC_SHA256. If other protocols are enabled,
>
> Oh, typo. I meant to ask: "If other cipher suites are enabled, what will be the difference?"
>
If the enabled cipher suites are supported by other protocols, other
protocols would be enabled accordingly (for example, if enabled
TLS_RSA_WITH_AES_128_CBC_SHA, TLS v1.0 and TLS v1.1 would also be
available), and SSLv2Hello are also enabled as the need to accept SSL v2
ClientHello message.
Thanks,
Xuelei
> --Max
>
>>> what will be the difference? You mean TLS 1.0 and 1.1 has built-in support for SSLv2Hello but TLS 1.2 does not?
>>>
>> Protocols other then TLS v1.2 and SSLv2Hello would be filtered out,
>> i.e., cannot be negotiated as there is no suitable cipher suite for
>> those protocols ("TLS_RSA_WITH_AES_128_CBC_SHA256" only applies to TLS 1.2).
>
More information about the security-dev
mailing list