H2 Console and server mode: SSL is now disabled and TLS is used to protect against the POODLE SSLv3 vulnerability. The system property to disable secure anonymous connections is now "h2.enableAnonymousTLS". The default certificate is still self-signed, so you need to manually install another one if you want to avoid man in the middle attacks.