[CentOS] Java SSLv3 status on CentOS-6.6
Jonathan Billings
billings at negate.org
Thu Mar 12 13:42:52 UTC 2015
On Wed, Mar 11, 2015 at 12:03:01PM -0400, James B. Byrne wrote:
> Can anyone inform me as to whether or not Java on CentOS-6.6 still has
> SSLv3 enabled? And if it does then how is it disabled?
According to these updates for openjdk java:
java-1.6.0-openjdk https://rhn.redhat.com/errata/RHSA-2015-0085.html
java-1.7.0-openjdk https://rhn.redhat.com/errata/RHSA-2015-0067.html
java-1.8.0-openjdk https://rhn.redhat.com/errata/RHSA-2015-0069.html
"Note: This update disables SSL 3.0 by default to address this issue.
The jdk.tls.disabledAlgorithms security property can be used to
re-enable SSL 3.0 support if needed. For additional information, refer
to the Red Hat Bugzilla bug linked to in the References section."
All these announcements were posted to the enterprise-watch-list
mailing list:
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
--
Jonathan Billings <billings at negate.org>
More information about the CentOS
mailing list