db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mike matrigali <mikema...@gmail.com>
Subject what versions of derby use SSLv3, that can be attacked?
Date Thu, 16 Oct 2014 21:50:07 GMT
See DERBY-6764

I believe Derby only uses ssl for client/server secure communication,
so this issue only possibly affects those running client/server rather
than embedded.

Derby will use the ssl version available in the JVM in which the
client and server is running, so part of the answer depends on what
JVM is running.  It is unclear to me if when there are multiple versions
available what version Derby will choose.

I got the following from the web:
Oracle JRE/OpenJDK 6 supports SSLv3 and TLS 1.0. You would need the IBM 
JRE 6/7 or Oracle JRE/OpenJDK 7 to get support for TLS 1.1 and TLS 1.2.

Mime
View raw message