On Wed, Mar 11, 2015 at 12:03:01PM -0400, James B. Byrne wrote:
Can anyone inform me as to whether or not Java on CentOS-6.6 still has SSLv3 enabled? And if it does then how is it disabled?
According to these updates for openjdk java:
java-1.6.0-openjdk https://rhn.redhat.com/errata/RHSA-2015-0085.html
java-1.7.0-openjdk https://rhn.redhat.com/errata/RHSA-2015-0067.html
java-1.8.0-openjdk https://rhn.redhat.com/errata/RHSA-2015-0069.html
"Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section."
All these announcements were posted to the enterprise-watch-list mailing list: https://www.redhat.com/mailman/listinfo/enterprise-watch-list