Padding Oracle On Downgraded Legacy Encryption (POODLE) security vulnerability

To address security vulnerability CVE-2014-3566, the Secure Sockets Layer (SSL) V3.0 protocol is turned off by default and the TLS protocol is enabled. The vulnerability is addressed by IBM® and by Oracle through different properties. The Oracle implementation takes precedence.

A potential security vulnerability exists in the SSL V3.0 protocol. This vulnerability applies to any application that uses SSL/TLS under one of the following conditions:
  • The application uses a protocol configuration that enables SSL and TLS, which might fall back to SSL V3.0.
  • The application explicitly allows or requests SSL V3.0.
For example, if you have SSL hardcoded in your application code, such as SSLContext.getInstance("SSL"), the original implementation defaults that context to SSL V3.0. To secure your application against the vulnerability, SSL V3.0 is disabled by default and TLS is enabled as indicated in the table.
The following table lists some common protocol label names that are used by the IBM SDK and the change in protocol that is enabled with this fix:
Table 1. Changes to protocol label names

| Protocol label | Protocol enabled before the fix | Protocol enabled after the fix |
|---|---|---|
| SSL | SSL V3.0 | Enables all TLS V1.0, V1.1, and V1.2 protocols |
| SSLv3 | SSL V3.0 | None, the connection fails. |
| TLS | TLS V1.0 (defined in RFC2246) | TLS V1.0 (defined in RFC2246) |
| TLSv1 | TLS V1.0 (defined in RFC2246) | TLS V1.0 (defined in RFC2246) |
| TLSv1.1 | TLS V1.1 (defined in RFC4346) | TLS V1.1 (defined in RFC4346) |
| TLSv1.2 | TLS V1.2 (defined in RFC5246) | TLS V1.2 (defined in RFC5246) |
| SSL_TLS | Enables all SSL V3.0 and TLS V1.0 protocols | TLS V1.0 |
| SSL_TLSv2 | Enables all SSL V3.0 and TLS V1.0, V1.1, and V1.2 protocols | Enables all TLS V1.0, V1.1, and V1.2 protocols |

Important: More recent changes have been made to the default protocols that are enabled when you specify the SSL protocol label. For an up-to-date list of enabled protocols, see Protocols.

If you must enable SSL V3.0, IBM provides a system property. Set the following system property either statically or dynamically: com.ibm.jsse2.disableSSLv3=false.

Oracle has also addressed this vulnerability with a change to the security property jdk.tls.disabledAlgorithms. This property includes SSLv3 by default in the java.security file, which means that SSL V3.0 is disabled. You can modify the setting to remove SSLv3 or add further algorithms with the following syntax:
jdk.tls.disabledAlgorithms = <Algorithm_1>, <Algorithm_2>
This security property has precedence over the IBM system property com.ibm.jsse2.disableSSLv3. The following table shows the effect of setting either the IBM property or the Oracle property on the SSL V3.0 protocol:

Table 2. Property interaction and effect on SSL V3.0

| jdk.tls.disabledAlgorithms setting | com.ibm.jsse2.disableSSLv3 setting | SSL V3.0 status |
|---|---|---|
| SSLv3 (default) | true (default) | Disabled |
| SSLv3 (default) | false | Disabled |
| No value set (SSLv3 removed) | false | Enabled |
| No value set (SSLv3 removed) | true (default) | Disabled |

Note: The protocol label name changes apply irrespective of the property used.
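
The following audit class is an added example, not IBM or Oracle code. It reports both properties, applies the Table 2 rule, and lists the protocols that each Table 1 label actually enables on the running JVM. The class name Sslv3Audit and its helper methods are hypothetical; labels that the installed provider does not recognize are reported rather than treated as errors.

```java
import java.security.GeneralSecurityException;
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;

// Added example; Sslv3Audit is a hypothetical class name, not part of any SDK.
public class Sslv3Audit {
    // Protocol labels from Table 1; a provider may not recognize all of them.
    static final String[] LABELS =
        {"SSL", "SSLv3", "TLS", "TLSv1", "TLSv1.1", "TLSv1.2", "SSL_TLS", "SSL_TLSv2"};

    /** True when the jdk.tls.disabledAlgorithms value lists SSLv3. */
    static boolean listsSslv3(String disabledAlgorithms) {
        if (disabledAlgorithms == null) return false;
        for (String entry : disabledAlgorithms.split(",")) {
            if (entry.trim().equalsIgnoreCase("SSLv3")) return true;
        }
        return false;
    }

    /** Table 2 rule: enabled only if SSLv3 is removed AND disableSSLv3=false. */
    static boolean sslv3ExpectedEnabled(String disabledAlgorithms, String ibmDisableSslv3) {
        boolean ibmAllows = "false".equalsIgnoreCase(ibmDisableSslv3); // unset = true (default)
        return !listsSslv3(disabledAlgorithms) && ibmAllows;
    }

    public static void main(String[] args) {
        String sec = Security.getProperty("jdk.tls.disabledAlgorithms");
        String ibm = System.getProperty("com.ibm.jsse2.disableSSLv3");
        System.out.println("jdk.tls.disabledAlgorithms = " + sec);
        System.out.println("com.ibm.jsse2.disableSSLv3 = " + ibm);
        System.out.println("SSL V3.0 expected (Table 2): "
            + (sslv3ExpectedEnabled(sec, ibm) ? "Enabled" : "Disabled"));
        boolean found = false;
        for (String label : LABELS) {
            try {
                SSLContext ctx = SSLContext.getInstance(label);
                ctx.init(null, null, null); // default key and trust managers
                List<String> on = Arrays.asList(ctx.createSSLEngine().getEnabledProtocols());
                boolean hasV3 = on.contains("SSLv3");
                found |= hasV3;
                System.out.println(label + " -> " + on + (hasV3 ? "  ** SSLv3 enabled **" : ""));
            } catch (GeneralSecurityException e) {
                System.out.println(label + " -> not usable: " + e.getMessage());
            }
        }
        System.exit(found ? 1 : 0); // non-zero exit lets a build or deployment check fail
    }
}
```

Run it with the same java.security file and -D options as the application so that the result reflects the deployed configuration.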

This vulnerability is addressed in this release.

Service refresh 1: If your application hard codes the protocol label SSLv3, you can use the com.ibm.jsse2.convertSSLv3 property to automatically match the behavior for protocol label SSL without modifying your source code. For more information, see Matching SSLv3 to SSL behavior.

For information about setting system properties, see How to Specify a java.lang.system Property.

Service refresh 1: If your application attempts to use SSL V3.0, the application will fail to negotiate a session. The failure might be manifested in different ways and might not immediately point to an SSL connection error. For more information about the POODLE vulnerability, see IBM SDK, Java™ Technology Edition fixes to mitigate against the POODLE security vulnerability (CVE-2014-3566).