Hi, Please review this fix for JDK-8052406:
Webrev: http://cr.openjdk.java.net/~xuelei/8052406/webrev.00/ JBS: https://bugs.openjdk.java.net/browse/JDK-8049321 For TLS connections, if no suitable cipher suite available for a particular TLS protocol, such protocol should not be negotiated. For example, if only "TLS_RSA_WITH_AES_128_CBC_SHA256" enabled, as it is only supported by TLS version 1.2, the connection should be negotiated TLS version 1 and 1.1. In SunJSSE implementation, we check the binding of enabled protocols and enabled cipher suites. SSLv2Hello may be improperly filter out when making the checking above. Actually, SSLv2Hello is not a real SSL/TLS protocol, it is only used as the format of ClientHello message. If SSLv2Hello is enabled, it should not be filter out. This fix address the SunJSSE problem implementation above. Thanks, Xuelei
