[CentOS] Java SSLv3 status on CentOS-6.6

Thu Mar 12 13:42:52 UTC 2015
Jonathan Billings <billings at negate.org>

On Wed, Mar 11, 2015 at 12:03:01PM -0400, James B. Byrne wrote:
> Can anyone inform me as to whether or not Java on CentOS-6.6 still has
> SSLv3 enabled?  And if it does then how is it disabled?

According to these updates for openjdk java:

java-1.6.0-openjdk https://rhn.redhat.com/errata/RHSA-2015-0085.html

java-1.7.0-openjdk https://rhn.redhat.com/errata/RHSA-2015-0067.html

java-1.8.0-openjdk https://rhn.redhat.com/errata/RHSA-2015-0069.html

"Note: This update disables SSL 3.0 by default to address this issue.
The jdk.tls.disabledAlgorithms security property can be used to
re-enable SSL 3.0 support if needed. For additional information, refer
to the Red Hat Bugzilla bug linked to in the References section."

All these announcements were posted to the enterprise-watch-list
mailing list:
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

-- 
Jonathan Billings <billings at negate.org>