<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class="" style="font-family: ArialMT;">May I request you to review following fix which removes SSLv2Hello and SSLv3 from default enabled protocols. </div><div class="" style="font-family: ArialMT;"><span class=""><br class=""></span></div><div class="" style="font-family: ArialMT;"><span class="">SSLv3 has been deprecated with RFC 7568. We have already</span> disabled it by default in 2015 by adding it to the <span class="" style="font-family: "DejaVu Sans", sans-serif; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);">jdk.tls.disabledAlgorithms property. This fix removes it from default enabled list as well. If client/server want to use this protocol they can still do so by enabling it with setEnabledProtocols() API.</span></div><div class="" style="font-family: ArialMT;"><br class=""></div><span style="font-family: ArialMT;" class="">Webrev: </span><a href="http://cr.openjdk.java.net/~rhalade/8190492/webrev.00/" class="">http://cr.openjdk.java.net/~rhalade/8190492/webrev.00/</a><div class=""><font face="ArialMT" class=""><br class=""></font><div class="">
<div dir="auto" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div>Thanks,</div><div>Rajan</div></div>
</div>
<br class=""></div></body></html>