stackoom
  简体   繁体   中英

How to enable SSL 3 in Java

 原文  2015-01-30 12:35:55       java/ ssl/ poodle-attack

Question

Since Java 8 Update 31 the SSL 3 protocol is disabled by default due to security flaws in the SSL Protocol (see POODLE attack ).

Even if not recommended, how can it be enabled?

4 answers

solution1
 12 ACCPTED  2015-01-30 12:35:55

Unless you have no choice other than using SSL 3, the link below explains the configuration.

The release notes for the update 31 provide information for enabling the SSL 3 again in Java.

As stated:

If SSLv3 is absolutely required , the protocol can be reactivated by removing "SSLv3" from the jdk.tls.disabledAlgorithms property in the java.security file or by dynamically setting this Security property to "true" before JSSE is initialized.

Keep in mind that even the TLS protocol can be exploited to allow an insecure access with SSL 3, thats also part of the POODLE flaw. Enabling this for Java or any other technology should be a last resort only for critical reasons.

solution2
 9  2016-05-02 11:38:34

If you must re-enable SSLv3.0 on either 8u31, 7u75, 6u91 all you have to do is comment out the following line in JRE_HOME/lib/security/java.security : 

 jdk.tls.disabledAlgorithms=SSLv3

Code: 

import javax.net.ssl.*;

public class SocketProtocols {

  public static void main(String[] args) throws Exception {

    SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    SSLSocket soc = (SSLSocket) factory.createSocket();

    // Returns the names of the protocol versions which are
    // currently enabled for use on this connection.
    String[] protocols = soc.getEnabledProtocols();

    System.out.println("Enabled protocols:");
    for (String s : protocols) {
      System.out.println(s);
    }

  }
}

Output:

Before enabling SSL 3.0 

$ /jdk1.8.0_31/bin/java SocketProtocols
Enabled protocols:
TLSv1
TLSv1.1
TLSv1.2

After enabling SSL 3.0 

$ /jdk1.8.0_31/bin/java SocketProtocols
Enabled protocols:
SSLv3
TLSv1
TLSv1.1
TLSv1.2

credits/source: http://javablogx.blogspot.de/2015/02/enabling-ssl-v30-in-java-8.html

solution3
 7  2016-07-18 10:56:40

You can set the jdk.tls.disabledAlgorithms security property at runtime like so. 

static {
    Security.setProperty("jdk.tls.disabledAlgorithms", "");
}

solution4
 3  2016-07-05 21:10:50

I found both of these edits were required in order to connect to a DRAC 5 card:

Remove MD5: 

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

Remove SSLv3, RC4, and MD5withRSA: 

jdk.tls.disabledAlgorithms=DH keySize < 768

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to enable ssl in grpc with java using keystore how to enable ssl on tomcat 8 embedded javascript/json/java webapp How to use an Azure App Service Certificate with Java Spring to enable SSL How to enable TLS/SSL in java, Spring / CXF for Web Service? How to enable SSL in Jboss 5.1.0 How to enable SSL Debug in Jetty? Re-enable SSL validation in Java (Android) How to enable SSL_RSA_WITH_RC4_128_MD5 cipher in java 8 server? How to Enable SSL/HTTPS on Tomcat 7 on RHEL How to enable SSL debugging on the Android platform?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM