RFR: 8190492: Remove SSLv2Hello and SSLv3 from default enabled TLS protocols

Rajan Halade RAJAN.HALADE at ORACLE.COM
Wed Dec 4 21:19:15 UTC 2019


May I request you to review the following fix, which removes SSLv2Hello and SSLv3 from the default enabled protocols.

SSLv3 has been deprecated with RFC 7568. We have already disabled it by default in 2015 by adding it to the jdk.tls.disabledAlgorithms property. This fix removes it from the default enabled list as well. If a client/server wants to use this protocol, they can still do so by enabling it with the setEnabledProtocols() API.

Webrev: http://cr.openjdk.java.net/~rhalade/8190492/webrev.00/

Thanks,
Rajan
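
A check for the state the message describes, as an added example that is not part of the original post or of the JDK change: it reports whether SSLv2Hello or SSLv3 appear in this JVM's default enabled protocols, in the supported set, and in jdk.tls.disabledAlgorithms. The class name LegacyTlsAudit and the exit-code convention are assumptions made for the example.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added example (hypothetical class name); requires Java 9+ for Set.of.
public class LegacyTlsAudit {
    // The two protocol names the change removes from the default enabled list.
    static final Set<String> LEGACY = Set.of("SSLv2Hello", "SSLv3");

    // Returns the legacy protocol names present in the given protocol list.
    static Set<String> legacyIn(String[] protocols) {
        Set<String> hits = new LinkedHashSet<>(Arrays.asList(protocols));
        hits.retainAll(LEGACY);
        return hits;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();

        // Default enabled protocols, and the names setEnabledProtocols() will accept.
        String[] clientDefaults = ctx.getDefaultSSLParameters().getProtocols();
        String[] supported = ctx.getSupportedSSLParameters().getProtocols();

        // Server-side defaults can differ from the client's, so read them from
        // an engine switched to server mode.
        SSLEngine server = ctx.createSSLEngine();
        server.setUseClientMode(false);
        String[] serverDefaults = server.getEnabledProtocols();

        // jdk.tls.disabledAlgorithms is a comma-separated security property.
        String prop = Security.getProperty("jdk.tls.disabledAlgorithms");
        Set<String> disabled = new LinkedHashSet<>();
        if (prop != null) {
            for (String entry : prop.split(",")) disabled.add(entry.trim());
        }
        disabled.retainAll(LEGACY);

        System.out.println("legacy in client defaults   : " + legacyIn(clientDefaults));
        System.out.println("legacy in server defaults   : " + legacyIn(serverDefaults));
        System.out.println("legacy still supported      : " + legacyIn(supported));
        System.out.println("legacy in disabledAlgorithms: " + disabled);

        // Non-zero exit lets a build or host check fail when a legacy protocol is on by default.
        boolean onByDefault = !legacyIn(clientDefaults).isEmpty() || !legacyIn(serverDefaults).isEmpty();
        System.exit(onByDefault ? 1 : 0);
    }
}
```

The same legacyIn() helper can be pointed at getEnabledProtocols() of any SSLSocket or SSLEngine an application configures, to find code that re-enables these protocols through setEnabledProtocols().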
