Why I can not disable SSLv3?

Question

I have disabled sslv3 in server side like this :

            char certPass[] = "***";
            char certAliaMainPass[] = "***";;
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(new FileInputStream(certPath), certPass);
            KeyManagerFactory keyManagerFactory =         KeyManagerFactory.getInstance("SunX509");
            keyManagerFactory.init(keyStore, certAliaMainPass);
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
            SSLServerSocketFactory sslServerSocketFactory = sslContext.getServerSocketFactory();
            sslServerSocket = (SSLServerSocket) sslServerSocketFactory.createServerSocket(iPort);

            String[] protocols = sslServerSocket.getEnabledProtocols();
            Set<String> set = new HashSet<String>();
            for (String s : protocols) {
                if (s.equals("SSLv3")) {
                    continue;
                }
                set.add(s);
            }
            sslServerSocket.setEnabledProtocols(set.toArray(new String[0]));

but client which used "SSLv3" still can connect to server, how can I do for this issue?

score 0 · Answer 1 · edited May 26 '16 at 08:51

0

Go to Java installation folder.
Open {JRE_HOME}\lib\security\java.security -file in text editor.
Go to the last line.
Delete or comment out the following line jdk.tls.disabledAlgorithms=SSLv3

edited May 26 '16 at 08:51

dur

15,689
25
79
125

answered May 26 '16 at 05:52

Aniket

173
12

Why I can not disable SSLv3?

1 Answers1