On Wed, March 11, 2015 13:46, Grant McChesney wrote:
On Wed, Mar 11, 2015 at 10:03 AM, James B. Byrne byrnejb@harte-lyne.ca wrote:
Can anyone inform me as to whether or not Java on CentOS-6.6 still has SSLv3 enabled? And if it does then how is it disabled?
James:
Check the java.security file for your JRE. I'm running OpenJDK 8 on Cent 6.6 and it's located at /usr/lib/jvm/jre/lib/security/java.security. I haven't made any changes to the java.security file, which shows SSLv3 is already disabled:
jdk.tls.disabledAlgorithms=SSLv3
Grant
Thank you. It is disabled here as well.
[root@vhost04 ~ (master *%)]# which java /usr/bin/java
[root@vhost04 ~ (master *%)]# ll /usr/bin/java lrwxrwxrwx. 1 root root 22 Jan 28 16:52 /usr/bin/java -> /etc/alternatives/java
[root@vhost04 ~ (master *%)]# ll /etc/alternatives/java lrwxrwxrwx. 1 root root 46 Jan 28 16:52 /etc/alternatives/java -> /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java
[root@vhost04 ~ (master *%)]# grep jdk.tls.disabledAlgorithms /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.75.x86_64/jre/lib/security/java.security # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3