Re: [jetty-users] Enable SSLv3 in 9.2.10.v20150310

On Tue, Apr 14, 2015 at 6:52 PM, Mark Mielke <mark.mielke@xxxxxxxxx> wrote:
Not to recommend the use of SSLv3 by any means, but just to point out that there is a single case (of many) where I was forced to make a software change to migrate to SSLv3, and if making a software change is not feasible for some business reason, this would make it necessary to retain Jetty support for SSLv3 for such a person.

My single case was... I hope I get this right...

Use of Jetty 9.2.x latest as a server, to a Java 6 client on Solaris 8. Java 7 is not available for Solaris 8. Solaris 8 is end-of-life, but the company I work for still has support contracts that stipulate that the product will still have support under Solaris 8. Java 6 on Solaris defaults to the SSLv3 Hello, and when I upgraded to Jetty 9.2.x latest from something like Jetty 9.2.1, everything worked fine except for the loadbuild machines that support Solaris 8. Jetty 9 is being used as part of a web services framework that is integrated with the loadbuild process.

First, I backed out the server upgrade to a Jetty version that didn't block SSLv3. This bought breathing room. Then, I researched and figured this all out. I updated the client to a newer version of Apache HttpClient that *also* blocked SSLv3, which caused the client to use TLSv1 Hello by default, which then allowed me to update the server to latest Jetty 9.2.x.


Unless I'm reading this wrong, it looks like the Java folks just fixed this issue in Java 7u80:


"JDK-8052406 : SSLv2Hello protocol may be filtered out unexpectedly"

My issue might have been SSLv2Hello... I didn't dig into *exactly* what the sequence was. I just understood it was something earlier than TLS 1.0...

A bit late unfortunately... :-)

--
Mark Mielke <mark.mielke@xxxxxxxxx>
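
Added example (not part of the original message, and not Jetty or JDK code): a Python classifier that tells an SSLv2-format ClientHello from an SSLv3/TLS record by its first bytes, the distinction the message above leaves open, and models which version a server's enabled-protocol list would select. The function names, the sample bytes and the simplified selection rule are assumptions made for illustration.

```python
# Protocol names as they appear in JSSE enabled-protocol lists.
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
NAMES = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}


def classify_client_hello(data):
    """Return (hello_format, highest_version_offered) for the first bytes sent."""
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        # SSLv2-format header: 2-byte length with the high bit set,
        # message type 1 (CLIENT-HELLO), then the highest version offered.
        return "SSLv2Hello", NAMES.get((data[3], data[4]), "unknown")
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x01:
        # v3 record: type 0x16 (handshake), record version (2), length (2),
        # handshake type 1, handshake length (3), client_version (2).
        return "v3 record", NAMES.get((data[9], data[10]), "unknown")
    raise ValueError("not a ClientHello")


def negotiate(data, enabled):
    """Simplified model (assumption): the server picks the highest enabled
    version that does not exceed the client's offer. None = handshake fails."""
    fmt, offered = classify_client_hello(data)
    if fmt == "SSLv2Hello" and "SSLv2Hello" not in enabled:
        return None  # the v2-format hello is rejected before any version check
    if offered not in ORDER:
        return None
    usable = [v for v in ORDER[:ORDER.index(offered) + 1] if v in enabled]
    return usable[-1] if usable else None


# Constructed sample bytes (first 11 bytes only, not captured from a real client).
V2_HELLO_TLS1 = bytes.fromhex("802e010301001500000010")  # v2 format, offers TLSv1
V3_HELLO_SSL3 = bytes.fromhex("160300002d010000290300")  # v3 record, offers SSLv3
V3_HELLO_TLS1 = bytes.fromhex("160301002d010000290301")  # v3 record, offers TLSv1

TLS_ONLY = {"TLSv1", "TLSv1.1", "TLSv1.2"}      # SSLv3 and SSLv2Hello excluded
TLS_PLUS_V2HELLO = TLS_ONLY | {"SSLv2Hello"}    # legacy hello format accepted

if __name__ == "__main__":
    for name, hello in [("v2/TLSv1", V2_HELLO_TLS1), ("v3/SSLv3", V3_HELLO_SSL3),
                        ("v3/TLSv1", V3_HELLO_TLS1)]:
        print(name, classify_client_hello(hello),
              negotiate(hello, TLS_ONLY), negotiate(hello, TLS_PLUS_V2HELLO))
```

In this model, accepting the SSLv2-format hello and enabling SSLv3 are separate decisions: a client that wraps a TLSv1 offer in the old hello format still negotiates TLSv1, while a client whose highest offer is SSLv3 fails against both lists.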

