How to enable SSLv3 in Java 8 without modifying java.security file?

Question

In JDK 8 SSLv3 is disabled and TLSv1.2 is enabled by default.

When i google i found lot of posts where SSLv3 is enabled by commenting out the line in java.security file in the lib folder.

I want to enable SSLv3 by setting a system property with out modifying the java installation.

Answer 1

You might be able to do this. First, you need to check if your java.security file has the following line in it:

security.overridePropertiesFile=true

If so, then the following tricks might work. Otherwise, if overriding the properties file is not allowed, then modifying that java.security file is your only recourse.

Assuming overriding the properties file is allowed, then you could try making a copy of java.security somewhere else, e.g. sslv3-allowed.java.security, with the jdk.tls.disabledAlgorithms property value modified to have "SSLv3" removed from it. Then, when you start the JVM, you'd use something like:

$ java -Djava.security.properties==/path/to/sslv3-allowed.java.security ...

Notice the "=="; this tells the JVM to completely ignore java.security, and use only your file. With a single equals sign, your file can append to (or override) portions of the default java.security file.

The above come from reading this post: https://dzone.com/articles/how-override-java-security; a related SO post can be found here: How to enable SSL 3 in Java.

Hope this helps!