I've implemented a java based client-server application. The Server is using Java 8 and the clients are java 7 (or higher) based clients.
The clients communicate with the server using SSL.
From what I read these vulnerabilities can be exploit when the client is using null cipher during negotiation, it is true that since in my case the clients are using java7 there is a guarantee that null cipher will not be used during negotiation?
I wonder, is my solution is at risk due to QID 38143 - SSL Server Allows Cleartext Communication Vulnerability or QID 38142 - SSL Server Allows Anonymous Authentication Vulnerability?