Matching SSLv3 to SSL behavior
To address the POODLE security vulnerability, the SSL V3.0 protocol is disabled by default. If your application hardcodes the protocol label SSLv3, you can use the com.ibm.jsse2.convertSSLv3 property to automatically match the behavior for protocol label SSL without modifying your source code.
com.ibm.jsse2.convertSSLv3=[true|false]
To match the behavior of the SSL protocol label when the SSLv3 protocol label is specified, set this property to true. The default value is false.
SSLv3 at the client or server | com.ibm.jsse2.convertSSLv3 = false | com.ibm.jsse2.convertSSLv3 = true |
---|---|---|
Client | SSLv3 | SSLv3, TLS1.0, TLSv1.1, TLSv1.2 |
Server | SSLv3 | SSLv3, TLS1.0, TLSv1.1, TLSv1.2 |
Note: This property does not affect system property com.ibm.jsse2.disableSSLv3,
which is provided for the POODLE security vulnerability. Property com.ibm.jsse2.disableSSLv3 always
takes effect based on its value, regardless of the setting for com.ibm.jsse2.convertSSLv3.
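To confirm what a hardcoded SSLv3 label actually enables on a given JVM, the following check prints the default enabled protocols for both roles and flags any context that still offers SSLv3. It is an added example, not IBM's code; the class name ProtocolLabelCheck is hypothetical, and it assumes both properties are supplied as JVM system properties with -D.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;
import java.util.List;

public class ProtocolLabelCheck {

    // Protocols that a context created from `label` enables by default for one role.
    static List<String> enabledProtocols(String label, boolean clientMode) throws Exception {
        SSLContext ctx = SSLContext.getInstance(label);
        ctx.init(null, null, null); // default key managers, trust managers and RNG
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(clientMode);
        return Arrays.asList(engine.getEnabledProtocols());
    }

    static void report(String label) {
        for (boolean client : new boolean[] {true, false}) {
            String role = client ? "Client" : "Server";
            try {
                List<String> enabled = enabledProtocols(label, client);
                System.out.printf("%-6s %-5s -> %s%n", role, label, enabled);
                // Assumes the provider reports SSL 3.0 under the name "SSLv3".
                if (enabled.contains("SSLv3")) {
                    System.out.printf("       WARNING: SSLv3 is enabled (%s side)%n", role);
                }
            } catch (Exception e) {
                // For example NoSuchAlgorithmException when the provider rejects the label.
                System.out.printf("%-6s %-5s -> unavailable: %s%n", role, label, e);
            }
        }
    }

    public static void main(String[] args) {
        for (String p : new String[] {"com.ibm.jsse2.convertSSLv3",
                                      "com.ibm.jsse2.disableSSLv3"}) {
            System.out.println(p + " = " + System.getProperty(p, "(not set)"));
        }
        report("SSLv3"); // the hardcoded label this property is meant for
        report("SSL");   // the label whose behavior it should match when true
    }
}
```

Run it once with `-Dcom.ibm.jsse2.convertSSLv3=false` and once with `=true`, then compare the SSLv3 rows against the table above. Because com.ibm.jsse2.disableSSLv3 is applied independently, any SSLv3 warning in the output should be checked against that property's value as well.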
For more information about the POODLE security vulnerability, see Padding Oracle On Downgraded Legacy Encryption (POODLE) security vulnerability.