[CentOS] Java SSLv3 status on CentOS-6.6

Wed Mar 11 21:17:06 UTC 2015
Fernando Cassia <fcassia at gmail.com>

On Wed, Mar 11, 2015 at 1:03 PM, James B. Byrne <byrnejb at harte-lyne.ca>
wrote:

> Can anyone inform me as to whether or not Java on CentOS-6.6 still has
> SSLv3 enabled?  And if it does then how is it disabled?
>

If you're using Oracle JRE / JDK previous to 8u31, here are instructions on
how to disable SSLv3:
http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html
(the latest Java 8 version from Oracle is 8u40, and that DOES have SSLv3
disabled by default)

Here, instructions on how to install Oracle Java8u40 on CentOS
http://tecadmin.net/install-java-8-on-centos-rhel-and-fedora/

But, if you're using the OpenJDK included in CentOS 6.6, it can be OpenJDK
7 or OpenJDK 8, which was included AFAIK as a technology preview, not the
default.

Here's more info on how to get OpenJDK8 in CentOS 6.6 if you don't have it
already
http://www.2daygeek.com/openjdk-8-installation-centos-fedora/

...then get the latest update from the repo which is 8.0u31 aka 1.8.0.31
dated 21-Jan-2015
http://mirrors.syringanetworks.net/centos/6.6/updates/x86_64/Packages/java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.x86_64.rpm

OpenJDK 8.0u31 disables SSLv3 by default, according to this
http://support.blancco.com/index.php?/News/NewsItem/View/73/important-notification-java-8-update-31-disables-sslv3--support

YMMV
Hope this helps!
FC
-- 
During times of Universal Deceit, telling the truth becomes a revolutionary
act
- George Orwell
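
An added example, not part of the original message: a shell check that reads a JRE's `java.security` file and reports whether `SSLv3` is listed in the `jdk.tls.disabledAlgorithms` security property, which is the setting that disables the protocol by default. The function names and the sample file are constructed here; the file location on a given install (commonly `$JAVA_HOME/jre/lib/security/java.security` for a Java 7 or 8 JDK) is an assumption to confirm locally.

```shell
#!/bin/sh
# Print the effective jdk.tls.disabledAlgorithms value from a java.security file.
# Handles comment lines, backslash continuations and repeated keys (last wins).
disabled_tls_algorithms() {
    awk '
        !cont && /^[ \t]*[#!]/ { next }
        {
            line = $0
            if (cont) { sub(/^[ \t]+/, "", line); buf = buf line } else { buf = line }
            if (buf ~ /\\$/) { sub(/\\$/, "", buf); cont = 1; next }
            cont = 0
            if (buf ~ /^[ \t]*jdk\.tls\.disabledAlgorithms[ \t]*[=:]/) {
                sub(/^[^=:]*[=:][ \t]*/, "", buf)
                value = buf
            }
        }
        END { print value }
    ' "$1"
}

# Exit 0 only if SSLv3 is an entry of its own in that list. The match is exact
# and case-sensitive on purpose, so a misspelt entry is reported as not disabled.
sslv3_disabled() {
    disabled_tls_algorithms "$1" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -qx 'SSLv3'
}

# Constructed sample file (not taken from any real installation).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# jdk.tls.disabledAlgorithms=MD5
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
jdk.tls.disabledAlgorithms=RC4, \
    SSLv3
EOF
if sslv3_disabled "$sample"; then
    echo "SSLv3 disabled: $(disabled_tls_algorithms "$sample")"
else
    echo "SSLv3 NOT listed in jdk.tls.disabledAlgorithms"
fi
rm -f "$sample"
```

To check a real install, call `sslv3_disabled` with the path of that JRE's `java.security`; an application that sets enabled protocols itself or overrides security properties at launch needs checking separately.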