
In Java SSLv3 is disabled, but in the JavaMail API SSL works?


Java disabled SSLv3 due to a vulnerability. But in the Java mail API, using an SMTP server over SSL works? Why is that so?


Solution

  • Email over SSL uses the SSL / TLS protocol family as implemented by SSLSocketImpl and related classes in the Java runtime library.

    Depending on which version of Java you are using, SSLSocketImpl will negotiate an acceptable version of the SSL / TLS protocols with the remote server. Java can support up to TLSv1.3 (in Java 11). Support for TLSv1.0 was added to Java 6 in update 111¹.

    In fact, an update to Java 6 and later was made in January 2015 to disable SSLv3 support in Java 6 and later by default. You would have to set a system property in order to enable SSLv3.

    1 - Java 6 update 111 is not publicly available. If you are using the last public release of Java 6, you are stuck with using the insecure SSLv3 or older. Most SMTP servers won't accept that. This is just one more reason to upgrade to a supported version of Java; i.e. Java 8, 11, or later.


    But in the Java mail API, using an SMTP server over SSL works? Why is that so?

    Because it is not using SSLv3 (or earlier); see above.
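
A way to check this on your own runtime, as an added example that is not part of the original answer: it lists the protocol versions the default JSSE context will offer, reads the `jdk.tls.disabledAlgorithms` security property, and builds JavaMail properties that pin "SMTP over SSL" to TLSv1.2/TLSv1.3. The class name and the host `smtp.example.test` are placeholders; handing the properties to a mail `Session` is left out so the code runs with the JDK alone.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Properties;
import javax.net.ssl.SSLContext;

public class MailTlsCheck {
    // Protocol versions the default JSSE context enables for a handshake.
    static List<String> enabledProtocols() throws Exception {
        return Arrays.asList(
            SSLContext.getDefault().getDefaultSSLParameters().getProtocols());
    }

    // Keep only the modern TLS versions this runtime has enabled,
    // as the whitespace-separated list mail.smtp.ssl.protocols expects.
    static String modernProtocols(List<String> enabled) {
        List<String> keep = new ArrayList<>();
        for (String proto : enabled) {
            if (proto.equals("TLSv1.2") || proto.equals("TLSv1.3")) {
                keep.add(proto);
            }
        }
        return String.join(" ", keep);
    }

    public static void main(String[] args) throws Exception {
        List<String> enabled = enabledProtocols();
        System.out.println("Enabled by default: " + enabled);
        System.out.println("SSLv3 offered:      " + enabled.contains("SSLv3"));
        System.out.println("jdk.tls.disabledAlgorithms = "
            + Security.getProperty("jdk.tls.disabledAlgorithms"));

        Properties props = new Properties();
        props.put("mail.smtp.host", "smtp.example.test"); // placeholder host
        props.put("mail.smtp.port", "465");
        props.put("mail.smtp.ssl.enable", "true");        // the "SSL" switch in JavaMail
        props.put("mail.smtp.ssl.checkserveridentity", "true");
        String pinned = modernProtocols(enabled);
        if (!pinned.isEmpty()) {
            // Restrict the handshake to these versions regardless of JDK defaults.
            props.put("mail.smtp.ssl.protocols", pinned);
        } else {
            System.out.println("No TLSv1.2/1.3 available: upgrade the Java runtime.");
        }
        System.out.println("JavaMail properties: " + props);
    }
}
```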