openjdk
diff --git a/‎src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
+8-16 b/‎src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
+8-16
diff --git a/‎test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java
+7-2 b/‎test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java
+7-2
diff --git a/‎test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java
+5-2 b/‎test/jdk/javax/net/ssl/ServerName/SSLEngineExplorer.java
+5-2
diff --git a/‎test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java
+5-2 b/‎test/jdk/javax/net/ssl/ServerName/SSLSocketExplorer.java
+5-2
diff --git a/‎test/jdk/javax/net/ssl/sanity/interop/JSSEServer.java
+5-1 b/‎test/jdk/javax/net/ssl/sanity/interop/JSSEServer.java
+5-1
diff --git a/‎test/jdk/sun/security/pkcs11/sslecc/JSSEServer.java
+5-1 b/‎test/jdk/sun/security/pkcs11/sslecc/JSSEServer.java
+5-1
diff --git a/‎test/jdk/sun/security/ssl/ProtocolVersion/HttpsProtocols.java
+5-2 b/‎test/jdk/sun/security/ssl/ProtocolVersion/HttpsProtocols.java
+5-2
@@ -571,9 +571,7 @@ private abstract static class AbstractTLSContext extends SSLContextImpl {
                     ProtocolVersion.TLS13,
                     ProtocolVersion.TLS12,
                     ProtocolVersion.TLS11,
-                    ProtocolVersion.TLS10,
-                    ProtocolVersion.SSL30,
-                    ProtocolVersion.SSL20Hello
+                    ProtocolVersion.TLS10
                 });
             }
 
@@ -637,8 +635,7 @@ public static final class TLS10Context extends AbstractTLSContext {
             } else {
                 clientDefaultProtocols = getAvailableProtocols(
                         new ProtocolVersion[] {
-                    ProtocolVersion.TLS10,
-                    ProtocolVersion.SSL30
+                    ProtocolVersion.TLS10
                 });
             }
 
@@ -677,8 +674,7 @@ public static final class TLS11Context extends AbstractTLSContext {
                 clientDefaultProtocols = getAvailableProtocols(
                         new ProtocolVersion[] {
                     ProtocolVersion.TLS11,
-                    ProtocolVersion.TLS10,
-                    ProtocolVersion.SSL30
+                    ProtocolVersion.TLS10
                 });
             }
 
@@ -720,8 +716,7 @@ public static final class TLS12Context extends AbstractTLSContext {
                         new ProtocolVersion[] {
                     ProtocolVersion.TLS12,
                     ProtocolVersion.TLS11,
-                    ProtocolVersion.TLS10,
-                    ProtocolVersion.SSL30
+                    ProtocolVersion.TLS10
                 });
             }
 
@@ -764,8 +759,7 @@ public static final class TLS13Context extends AbstractTLSContext {
                     ProtocolVersion.TLS13,
                     ProtocolVersion.TLS12,
                     ProtocolVersion.TLS11,
-                    ProtocolVersion.TLS10,
-                    ProtocolVersion.SSL30
+                    ProtocolVersion.TLS10
                 });
             }
 
@@ -927,11 +921,11 @@ private static List<ProtocolVersion> customizedProtocols(
                             ProtocolVersion.TLS13,
                             ProtocolVersion.TLS12,
                             ProtocolVersion.TLS11,
-                            ProtocolVersion.TLS10,
-                            ProtocolVersion.SSL30
+                            ProtocolVersion.TLS10
                         };
                     }
                 } else {
+                    // default server protocols
                     if (SunJSSE.isFIPS()) {
                         candidates = new ProtocolVersion[] {
                             ProtocolVersion.TLS13,
@@ -944,9 +938,7 @@ private static List<ProtocolVersion> customizedProtocols(
                             ProtocolVersion.TLS13,
                             ProtocolVersion.TLS12,
                             ProtocolVersion.TLS11,
-                            ProtocolVersion.TLS10,
-                            ProtocolVersion.SSL30,
-                            ProtocolVersion.SSL20Hello
+                            ProtocolVersion.TLS10
                         };
                     }
                 }
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,7 @@
 
 /*
  * @test
- * @bug 4495742
+ * @bug 4495742 8190492
  * @summary Demonstrate SSLEngine switch from no client auth to client auth.
  * @run main/othervm NoAuthClientAuth SSLv3
  * @run main/othervm NoAuthClientAuth TLSv1
@@ -304,6 +304,11 @@ private void createSSLEngines() throws Exception {
         serverEngine.setUseClientMode(false);
         serverEngine.setNeedClientAuth(false);
 
+        // Enable all supported protocols on server side to test SSLv3
+        if ("SSLv3".equals(tlsProtocol)) {
+            serverEngine.setEnabledProtocols(serverEngine.getSupportedProtocols());
+        }
+
         /*
          * Similar to above, but using client mode instead.
          */
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,7 @@
 
 /*
  * @test
- * @bug 7068321
+ * @bug 7068321 8190492
  * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
  * @library ../SSLEngine ../templates
  * @build SSLEngineService SSLCapabilities SSLExplorer
@@ -80,6 +80,9 @@ void doServerSide() throws Exception {
         // create SSLEngine.
         SSLEngine ssle = createSSLEngine(false);
 
+        // Enable all supported protocols on server side to test SSLv3
+        ssle.setEnabledProtocols(ssle.getSupportedProtocols());
+
         // Create a server socket channel.
         InetSocketAddress isa =
                 new InetSocketAddress(InetAddress.getLocalHost(), serverPort);
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,7 +28,7 @@
 
 /**
  * @test
- * @bug 7068321
+ * @bug 7068321 8190492
  * @summary Support TLS Server Name Indication (SNI) Extension in JSSE Server
  * @library ../templates
  * @build SSLCapabilities SSLExplorer
@@ -148,6 +148,9 @@ void doServerSide() throws Exception {
             new ByteArrayInputStream(buffer, 0, position);
         SSLSocket sslSocket = (SSLSocket)sslsf.createSocket(socket, bais, true);
 
+        // Enable all supported protocols on server side to test SSLv3
+        sslSocket.setEnabledProtocols(sslSocket.getSupportedProtocols());
+
         InputStream sslIS = sslSocket.getInputStream();
         OutputStream sslOS = sslSocket.getOutputStream();
 
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -51,6 +51,10 @@ class JSSEServer extends CipherTest.Server {
         serverSocket
                 = (SSLServerSocket) factory.createServerSocket(CipherTest.serverPort);
         CipherTest.serverPort = serverSocket.getLocalPort();
+
+        // JDK-8190492: Enable all supported protocols on server side to test SSLv3
+        serverSocket.setEnabledProtocols(serverSocket.getSupportedProtocols());
+
         serverSocket.setEnabledCipherSuites(factory.getSupportedCipherSuites());
         serverSocket.setWantClientAuth(true);
     }
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -52,6 +52,10 @@ class JSSEServer extends CipherTest.Server {
         serverSocket = (SSLServerSocket)factory.createServerSocket(0);
         serverSocket.setSoTimeout(CipherTest.TIMEOUT);
         CipherTest.serverPort = serverSocket.getLocalPort();
+
+        // JDK-8190492: Enable all supported protocols on server side to test SSLv3
+        serverSocket.setEnabledProtocols(serverSocket.getSupportedProtocols());
+
         serverSocket.setEnabledCipherSuites(factory.getSupportedCipherSuites());
         serverSocket.setWantClientAuth(true);
     }
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
 
 /*
  * @test
- * @bug 4671289
+ * @bug 4671289 8190492
  * @summary passing https.protocols from command line doesn't work.
  * @run main/othervm -Dhttps.protocols=SSLv3 HttpsProtocols
  * @author Brad Wetmore
@@ -88,6 +88,9 @@ void doServerSide() throws Exception {
         SSLServerSocket sslServerSocket =
             (SSLServerSocket) sslssf.createServerSocket(serverPort);
 
+        // Enable all supported protocols on server side to test SSLv3
+        sslServerSocket.setEnabledProtocols(sslServerSocket.getSupportedProtocols());
+
         serverPort = sslServerSocket.getLocalPort();
 
         /*