[
https://issues.apache.org/jira/browse/DERBY-6764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14175054#comment-14175054
]
Rick Hillegas commented on DERBY-6764:
--------------------------------------
The following modified version of the program runs on Java 1.4:
{noformat}
import java.util.Arrays;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
public class SSLVersion
{
public static void main( String[] args ) throws Exception
{
int port = 1234;
SSLServerSocketFactory factory = (SSLServerSocketFactory)
SSLServerSocketFactory.getDefault();
SSLServerSocket serverSocket = (SSLServerSocket)
factory.createServerSocket(port);
String[] protocols = serverSocket.getSupportedProtocols();
for ( int i = 0; i < protocols.length; i++ )
{
System.out.println( "Supports protocol " + protocols[ i ] );
}
}
}
{noformat}
It produces this output on Java 1.4:
{noformat}
Supports protocol SSLv2Hello
Supports protocol SSLv3
Supports protocol TLSv1
{noformat}
I think this means we're safe even if one or both sides of the connection are
using Java 1.4.
> analyze impact of poodle security alert on Derby client - server ssl support
> ----------------------------------------------------------------------------
>
> Key: DERBY-6764
> URL: https://issues.apache.org/jira/browse/DERBY-6764
> Project: Derby
> Issue Type: Task
> Reporter: Myrna van Lunteren
>
> Recently, a security weakness was found in SSLv3, POODLE: SSLv3 vulnerability
> (CVE-2014-3566)
> Derby supports ssl between the client and network server.
> We should investigate this and decide if we need to change our product, e.g.
> to eliminate support for SSL in favor of its successor TLS.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
