RFR: 8190492: Remove SSLv2Hello and SSLv3 from default enabled TLS protocols

Rajan Halade Wed, 04 Dec 2019 13:20:36 -0800

May I request you to review following fix which removes SSLv2Hello and SSLv3 
from default enabled protocols.


SSLv3 has been deprecated with RFC 7568. We have already disabled it by default 
in 2015 by adding it to the jdk.tls.disabledAlgorithms property. This fix 
removes it from default enabled list as well. If client/server want to use this 
protocol they can still do so by enabling it with setEnabledProtocols() API.

Webrev: http://cr.openjdk.java.net/~rhalade/8190492/webrev.00/ 
<http://cr.openjdk.java.net/~rhalade/8190492/webrev.00/>

Thanks,
Rajan

RFR: 8190492: Remove SSLv2Hello and SSLv3 from default enabled TLS protocols

Reply via email to