> > I am not sure what cipher suites you are using but from my point i would >> say if the company >> > use an cipher technology that is 16 years outdated they can as well use >> plain text. >> > > I'm not using "cipher technology that is 16 years outdated". I am using > Java 6u45 on Solaris 8, which although EOL and "old", is certainly not 16 > years old. > > Might want to take a look at the changelogs in Java 7 and Java 8. There's been well over 800 (yes, eight hundred, this is not a typo) CVE's fixed since Java 6u45.
Oracle made the decision to disable SSLv3 in all of their products (Including Solaris), when the Poodle vulnerability was announced (Oct 2014). The 2 prior vulnerabilities Shellshock (Sept 2014) and Heartbleed (April 2014) had less of change by Oracle. (just pointing out the level of severity here). And even before that, back in 2010, there were Security alerts about SSLv3 in Solaris 8. http://download.oracle.com/sunalerts/1021671.1.html Even to this day, you can get up to date patches for Solaris 8 that updates SUNWtls which forces SSLv3 to be disabled via the Oracle Solaris 8 Vintage Patch Service. - Joakim
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
