diff --git a/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java b/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java index 05c8edc471..c0adb45298 100644 --- a/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java +++ b/handler/src/main/java/io/netty/handler/ssl/JdkSslContext.java @@ -20,6 +20,9 @@ import io.netty.buffer.ByteBufAllocator; import io.netty.util.internal.logging.InternalLogger; import io.netty.util.internal.logging.InternalLoggerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLSessionContext; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; @@ -27,10 +30,6 @@ import java.util.HashSet; import java.util.List; import java.util.Set; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLEngine; -import javax.net.ssl.SSLSessionContext; - /** * An {@link SslContext} which uses JDK's SSL/TLS implementation. */ @@ -64,7 +63,7 @@ public abstract class JdkSslContext extends SslContext { List protocols = new ArrayList(); addIfSupported( supportedProtocolsSet, protocols, - "TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3"); + "TLSv1.2", "TLSv1.1", "TLSv1"); if (!protocols.isEmpty()) { PROTOCOLS = protocols.toArray(new String[protocols.size()]); diff --git a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java index f99e192395..74e405d33d 100644 --- a/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java +++ b/handler/src/main/java/io/netty/handler/ssl/OpenSslServerContext.java @@ -160,6 +160,7 @@ public final class OpenSslServerContext extends SslContext { SSLContext.setOptions(ctx, SSL.SSL_OP_ALL); SSLContext.setOptions(ctx, SSL.SSL_OP_NO_SSLv2); + SSLContext.setOptions(ctx, SSL.SSL_OP_NO_SSLv3); SSLContext.setOptions(ctx, SSL.SSL_OP_CIPHER_SERVER_PREFERENCE); SSLContext.setOptions(ctx, SSL.SSL_OP_SINGLE_ECDH_USE); SSLContext.setOptions(ctx, SSL.SSL_OP_SINGLE_DH_USE);