Hi Christian,
thank you very much for your detailed post.
However, what do we do to disable SSLv3 without disabling all cipher suites that can be used with SSLv3 (because they are the same as the ones used with TLS 1.0 and 1.1, according to this post: Why doesn't the TLS protocol work without the SSLv3 ciphersuites? - Information Security Stack Exchange)?
I added the following cipher suites to the list from your post:
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
* TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
* TLS_RSA_WITH_AES_128_CBC_SHA
After that, the connection using openssl s_client -connect is no longer possible when forcing SSLv3, TLS 1.0 or TLS 1.1. It only works with TLS 1.2.
Thank you very much,
Florian.
PS: A list of cipher suites supported in Java 7 can be found here: http://docs.huihoo.com/java/javase/7/technotes/guides/security/SunProviders.html#SunJSSEProvider