Disabling SSL 3.0 in Java

  • 7022190
  • 30-Oct-2014
  • 02-Mar-2018

Environment

Reflection for the Web 2014 (All Editions)
Reflection for the Web 2008 (All Editions)
Reflection for the Web 2011 (All Editions)
Reflection Security Gateway 2014 (All Editions)
Reflection Security Gateway 2011
FileXpress Gateway

Situation

Some Attachmate products run Java in a web browser (Java Applet and/or Web Start) or from the command line. This technical note describes how to disable SSL 3.0 in Java to mitigate the POODLE vulnerability.

Resolution

Disabling SSL 3.0 in Java Control Panel

To disable SSL 3.0 support when Java is run in a web browser:

  1. Open Java Control Panel.

Example: Start > Control Panel > Programs > Java (32-bit)

  1. Click the Advanced tab.
  2. Scroll down to Advanced Security Settings:
    1. Uncheck Use SSL 3.0.
    2. Check Use TLS 1.2 and Use TLS 1.1.
  3. Click OK.
Figure 1. SSL 3.0 support disabled in Java Control Panel

Note: To disable SSL 3.0 support in Internet Explorer, see https://technet.microsoft.com/en-us/library/security/3009008.aspx.

Disabling SSL 3.0 on Command Line

To disable SSL 3.0 when running Java applications from shell or script commands, add the following command line option:

-Dhttps.protocols="TLSv1"

For example:

java -Dhttps.protocols="TLSv1" cfcc.Config

Additional Information

Legacy KB ID

This article was originally published as Attachmate Technical Note 2760.