8190492: Remove SSLv2Hello and SSLv3 from default enabled TLS protocols

Reviewed-by: mullan, wetmore, xuelei
2025-08-28 15:24:43 +02:00 · 2019-12-09 21:38:12 -08:00 · 2019-12-09 21:38:12 -08:00 · 5fc46f3c50
commit 5fc46f3c50
parent 63ba804f4f
13 changed files with 210 additions and 166 deletions
--- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
+++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
@ -550,9 +550,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
                ProtocolVersion.TLS13,
                ProtocolVersion.TLS12,
                ProtocolVersion.TLS11,
-                ProtocolVersion.TLS10,
-                ProtocolVersion.SSL30,
-                ProtocolVersion.SSL20Hello
+                ProtocolVersion.TLS10
            });

            supportedCipherSuites = getApplicableSupportedCipherSuites(
@ -609,8 +607,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
        static {
            clientDefaultProtocols = getAvailableProtocols(
                    new ProtocolVersion[] {
-                ProtocolVersion.TLS10,
-                ProtocolVersion.SSL30
+                ProtocolVersion.TLS10
            });

            clientDefaultCipherSuites = getApplicableEnabledCipherSuites(
@ -641,8 +638,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
            clientDefaultProtocols = getAvailableProtocols(
                    new ProtocolVersion[] {
                ProtocolVersion.TLS11,
-                ProtocolVersion.TLS10,
-                ProtocolVersion.SSL30
+                ProtocolVersion.TLS10
            });

            clientDefaultCipherSuites = getApplicableEnabledCipherSuites(
@ -675,8 +671,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
                    new ProtocolVersion[] {
                ProtocolVersion.TLS12,
                ProtocolVersion.TLS11,
-                ProtocolVersion.TLS10,
-                ProtocolVersion.SSL30
+                ProtocolVersion.TLS10
            });

            clientDefaultCipherSuites = getApplicableEnabledCipherSuites(
@ -709,8 +704,7 @@ public abstract class SSLContextImpl extends SSLContextSpi {
                ProtocolVersion.TLS13,
                ProtocolVersion.TLS12,
                ProtocolVersion.TLS11,
-                ProtocolVersion.TLS10,
-                ProtocolVersion.SSL30
+                ProtocolVersion.TLS10
            });

            clientDefaultCipherSuites = getApplicableEnabledCipherSuites(
@ -853,18 +847,16 @@ public abstract class SSLContextImpl extends SSLContextSpi {
                            ProtocolVersion.TLS13,
                            ProtocolVersion.TLS12,
                            ProtocolVersion.TLS11,
-                            ProtocolVersion.TLS10,
-                            ProtocolVersion.SSL30
+                            ProtocolVersion.TLS10
                        };

                } else {
+                    // default server protocols
                    candidates = new ProtocolVersion[] {
                            ProtocolVersion.TLS13,
                            ProtocolVersion.TLS12,
                            ProtocolVersion.TLS11,
-                            ProtocolVersion.TLS10,
-                            ProtocolVersion.SSL30,
-                            ProtocolVersion.SSL20Hello
+                            ProtocolVersion.TLS10
                    };
                }
            } else {