On Wed, March 11, 2015 13:46, Grant McChesney wrote: > On Wed, Mar 11, 2015 at 10:03 AM, James B. Byrne > <byrnejb at harte-lyne.ca> > wrote: > >> Can anyone inform me as to whether or not Java on CentOS-6.6 still >> has SSLv3 enabled? And if it does then how is it disabled? >> >> > James: > > Check the java.security file for your JRE. I'm running > OpenJDK 8 on Cent 6.6 and it's located at > /usr/lib/jvm/jre/lib/security/java.security. > I haven't made any changes to the java.security file, which > shows SSLv3 is already disabled: jdk.tls.disabledAlgorithms=SSLv3 > > Grant > Thank you. It is disabled here as well. [root at vhost04 ~ (master *%)]# which java /usr/bin/java [root at vhost04 ~ (master *%)]# ll /usr/bin/java lrwxrwxrwx. 1 root root 22 Jan 28 16:52 /usr/bin/java -> /etc/alternatives/java [root at vhost04 ~ (master *%)]# ll /etc/alternatives/java lrwxrwxrwx. 1 root root 46 Jan 28 16:52 /etc/alternatives/java -> /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java [root at vhost04 ~ (master *%)]# grep jdk.tls.disabledAlgorithms /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.75.x86_64/jre/lib/security/java.security # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3 -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3