[CentOS] Java SSLv3 status on CentOS-6.6

Thu Mar 12 13:28:51 UTC 2015
James B. Byrne <byrnejb at harte-lyne.ca>

On Wed, March 11, 2015 13:46, Grant McChesney wrote:
> On Wed, Mar 11, 2015 at 10:03 AM, James B. Byrne
> <byrnejb at harte-lyne.ca>
> wrote:
>
>> Can anyone inform me as to whether or not Java on CentOS-6.6 still
>> has SSLv3 enabled?  And if it does then how is it disabled?
>>
>>
> James:
>
> Check the java.security file for your JRE.  I'm running
> OpenJDK 8 on Cent 6.6 and it's located at
> /usr/lib/jvm/jre/lib/security/java.security.
> I haven't made any changes to the java.security file, which
> shows SSLv3 is already disabled:

jdk.tls.disabledAlgorithms=SSLv3
>
> Grant
>

Thank you. It is disabled here as well.

[root at vhost04 ~ (master *%)]# which java
/usr/bin/java

[root at vhost04 ~ (master *%)]# ll /usr/bin/java
lrwxrwxrwx. 1 root root 22 Jan 28 16:52 /usr/bin/java ->
/etc/alternatives/java

[root at vhost04 ~ (master *%)]# ll /etc/alternatives/java
lrwxrwxrwx. 1 root root 46 Jan 28 16:52 /etc/alternatives/java ->
/usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java

[root at vhost04 ~ (master *%)]# grep jdk.tls.disabledAlgorithms
/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.75.x86_64/jre/lib/security/java.security
#   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3


-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3