On Wed, March 11, 2015 13:46, Grant McChesney wrote:> On Wed, Mar 11, 2015 at 10:03 AM, James B. Byrne
> <byrnejb at harte-lyne.ca>
> wrote:
>
>> Can anyone inform me as to whether or not Java on CentOS-6.6 still
>> has SSLv3 enabled? And if it does then how is it disabled?
>>
>>
> James:
>
> Check the java.security file for your JRE. I'm running
> OpenJDK 8 on Cent 6.6 and it's located at
> /usr/lib/jvm/jre/lib/security/java.security.
> I haven't made any changes to the java.security file, which
> shows SSLv3 is already disabled:
jdk.tls.disabledAlgorithms=SSLv3>
> Grant
>
Thank you. It is disabled here as well.
[root at vhost04 ~ (master *%)]# which java
/usr/bin/java
[root at vhost04 ~ (master *%)]# ll /usr/bin/java
lrwxrwxrwx. 1 root root 22 Jan 28 16:52 /usr/bin/java ->
/etc/alternatives/java
[root at vhost04 ~ (master *%)]# ll /etc/alternatives/java
lrwxrwxrwx. 1 root root 46 Jan 28 16:52 /etc/alternatives/java ->
/usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java
[root at vhost04 ~ (master *%)]# grep jdk.tls.disabledAlgorithms
/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.75.x86_64/jre/lib/security/java.security
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3