Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] Enable SSLv3 in 9.2.10.v20150310


i hope you have really good reasons to enable SSLv3 the protocol is broken,
this is the reason that it is disabled in new JRE Version.
1) RC4 is broken and obsoleted by an RFC
2) CBC if also broken
3) GCM is not available in SSLv3 and SSLv3 does not have padding
So SSLv3 should only enable for protocol testing but NEVER for securing

Gruß Thomas


Message: 1
Date: Thu, 9 Apr 2015 16:19:25 +0000
From: "Grimm, Michael J (HPCS-R&D)" <grimm@xxxxxx>
To: "jetty-users@xxxxxxxxxxx" <jetty-users@xxxxxxxxxxx>
Subject: Re: [jetty-users] Can't enable SSLv3 in 9.2.10.v20150310
Content-Type: text/plain; charset="us-ascii"

I found the problem was NOT with Jetty, but rather with the new JRE I'm using.
In Java1.8_u31, SSLv3 is disabled. 
You can see this in:
	jre/lib/security/ - jdk.tls.disabledAlgorithms=SSLv3

When I deleted that property and restarted my application, Jetty was able to use SSLv3.

Back to the top