Skip to Content
Information
Unsupported product PATROL for Web Transaction and its documentation are no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Technical bulletins

This section contains information about updates for the BMC PATROL for Internet Server that are not related to flashes, service packs, or patches.

SSLv3 protocol disabled by default in JDK 8u31 onwards

July 11, 2016: 

To address the security vulnerability CVE-2014-3566, commonly known as Poodle, Oracle has disabled Secure Socket Layer (SSL) v3.0 by default in Java SE Development Kit 8, Update 31 (JDK 8u31) onwards.

BMC recommends that you do not use SSLv3. If you have an absolute requirement to use SSLv3, you have the following options:

  • Do not upgrade to JDK 8u31 or later. Earlier versions of JDK support SSLv3.
  • If you have upgraded to JDK 8u31 or later, manually reactivate SSLv3.

To manually reactivate SSLv3

From the <JRE_HOME>/lib/security/java.security file, remove SSLv3 from the jdk.tls.disabledAlgorithms property or dynamically set the Security property to true before the JSSE is initialized.

For more information, see the following Oracle documentation:

http://www.oracle.com/technetwork/java/javase/8u31-relnotes-2389094.html

http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC PATROL for Web Transaction 9.0