Hi, i hope you have really good reasons to enable SSLv3 the protocol is broken, this is the reason that it is disabled in new JRE Version. 1) RC4 is broken and obsoleted by an RFC 2) CBC if also broken 3) GCM is not available in SSLv3 and SSLv3 does not have padding constraints. So SSLv3 should only enable for protocol testing but NEVER for securing data.
Gruß Thomas ---------------------------------------------------------------------- Message: 1 Date: Thu, 9 Apr 2015 16:19:25 +0000 From: "Grimm, Michael J (HPCS-R&D)" <[email protected]> To: "[email protected]" <[email protected]> Subject: Re: [jetty-users] Can't enable SSLv3 in 9.2.10.v20150310 Message-ID: <41551cee2042a8479e4048be0e3b7a85a2b44...@g4w3231.americas.hpqcorp.net> Content-Type: text/plain; charset="us-ascii" FYI. I found the problem was NOT with Jetty, but rather with the new JRE I'm using. In Java1.8_u31, SSLv3 is disabled. You can see this in: jre/lib/security/java.security - jdk.tls.disabledAlgorithms=SSLv3 When I deleted that property and restarted my application, Jetty was able to use SSLv3. _______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
