RFR: 8190492: Remove SSLv2Hello and SSLv3 from default enabled TLS protocols
Bradford Wetmore
bradford.wetmore at oracle.com
Thu Dec 5 01:18:42 UTC 2019
In line 601, doesn't this mean that SSL3/SSL20Hello are no longer
available as supported, and that you can't turn them back on?
Brad
On 12/4/2019 1:19 PM, Rajan Halade wrote:
> May I request you to review the following fix, which removes SSLv2Hello and
> SSLv3 from the default enabled protocols.
>
> SSLv3 has been deprecated with RFC 7568. We have already disabled it by
> default in 2015 by adding it to the jdk.tls.disabledAlgorithms property.
> This fix removes it from the default enabled list as well. If client/server
> want to use this protocol they can still do so by enabling it with
> setEnabledProtocols() API.
>
> Webrev: http://cr.openjdk.java.net/~rhalade/8190492/webrev.00/
>
> Thanks,
> Rajan
>
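Added example, not part of the thread or the webrev: a small audit that prints, for the running JDK, the supported and default-enabled protocol lists and the jdk.tls.disabledAlgorithms value, then checks whether setEnabledProtocols() still accepts SSLv3, which is the question raised in the reply. The class name TlsProtocolAudit and the exit-code convention are assumptions made for illustration.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Hypothetical audit class (name chosen for this example).
public class TlsProtocolAudit {
    // Legacy protocol names discussed in this thread.
    private static final List<String> LEGACY = List.of("SSLv2Hello", "SSLv3");

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        Set<String> supported = new LinkedHashSet<>(
                Arrays.asList(ctx.getSupportedSSLParameters().getProtocols()));
        Set<String> enabled = new LinkedHashSet<>(
                Arrays.asList(ctx.getDefaultSSLParameters().getProtocols()));
        String disabledProp = Security.getProperty("jdk.tls.disabledAlgorithms");

        System.out.println("supported:       " + supported);
        System.out.println("default enabled: " + enabled);
        System.out.println("jdk.tls.disabledAlgorithms: " + disabledProp);

        boolean clean = true;
        for (String p : LEGACY) {
            // Is the protocol named as an entry of the security property?
            boolean listed = disabledProp != null && Arrays.stream(disabledProp.split(","))
                    .map(String::trim).anyMatch(p::equalsIgnoreCase);
            System.out.printf("%-10s supported=%b defaultEnabled=%b inDisabledProperty=%b%n",
                    p, supported.contains(p), enabled.contains(p), listed);
            clean &= !enabled.contains(p);
        }

        // setEnabledProtocols() throws IllegalArgumentException for any name
        // that is not in the supported list, so this shows whether an
        // explicit opt-in is still possible on this runtime.
        SSLEngine engine = ctx.createSSLEngine();
        try {
            engine.setEnabledProtocols(new String[] {"SSLv3"});
            System.out.println("setEnabledProtocols(SSLv3) accepted; engine reports "
                    + Arrays.toString(engine.getEnabledProtocols()));
        } catch (IllegalArgumentException e) {
            System.out.println("setEnabledProtocols(SSLv3) rejected: " + e.getMessage());
        }
        // Assumed convention: non-zero exit if a legacy protocol is enabled by default.
        System.exit(clean ? 0 : 1);
    }
}
```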