[
https://issues.apache.org/jira/browse/DERBY-6764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14188627#comment-14188627
]
Mamta A. Satoor commented on DERBY-6764:
----------------------------------------
Notice the peculiar behavior for IBM jdk 1.5. Not sure if it is a bug with the
JVM but even after I remove the SSLv3 from the list of enabled protocols, it
still shows up in the list of enabled protocols.
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build pwi32devifx-20140415
(SR16 FP6 ))
IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 Windows 7 x86-32
j9vmwi3223ifx-20140401 (JIT enabled)
J9VM - 20140326_194053_lHdSMr
JIT - 20130920_46470ifx1_r8
GC - 20120911_AA)
JCL - 20140415
Supported protocols are
SSLv3
TLS
TLSv1
SSL
SSL_TLS
Enabled protocols are
SSLv3
TLS
TLSv1
SSL
SSL_TLS
This enabled protocols list should not have SSLv3
TLS
TLSv1
SSLv3
SSL
SSL_TLS
> analyze impact of poodle security alert on Derby client - server ssl support
> ----------------------------------------------------------------------------
>
> Key: DERBY-6764
> URL: https://issues.apache.org/jira/browse/DERBY-6764
> Project: Derby
> Issue Type: Task
> Reporter: Myrna van Lunteren
> Assignee: Mamta A. Satoor
>
> Recently, a security weakness was found in SSLv3, POODLE: SSLv3 vulnerability
> (CVE-2014-3566)
> Derby supports ssl between the client and network server.
> We should investigate this and decide if we need to change our product, e.g.
> to eliminate support for SSL in favor of its successor TLS.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
