Oracle Java 8 problems due to TLS policy change

helpcrypto helpcrypto helpcrypto at gmail.com
Tue May 20 14:28:57 UTC 2014 

As I tried to explain, we have detected a problem running Oracle JRE8 cause
of TLS policy change (Now, TLS 1.1 and TLS 2.0 are enabled by default on
Control Panel, and this seems to cause a SSLException when working with our
very-legacy server)

I was looking to reproduce the error using Icedtea+OpenJDK, but firstly I
have to find TLS 1.1/TLS 2.0 configuration option.

Hope its clear now.



On Tue, May 20, 2014 at 4:06 PM, Andrew Azores <aazores at redhat.com> wrote:

>  On 05/16/2014 03:36 AM, helpcrypto helpcrypto wrote:
>
> Super Ping!
>
>
> On Mon, Apr 14, 2014 at 2:41 PM, helpcrypto helpcrypto <
> helpcrypto at gmail.com> wrote:
>
>> Hi Andrew, thx for replying.
>>
>>  On Fri, Apr 11, 2014 at 8:19 PM, Andrew Hughes <gnu.andrew at redhat.com>wrote:
>>
>>>
>>> ----- Original Message -----
>>> > Ping?
>>> >
>>> > On Fri, Apr 4, 2014 at 11:03 AM, helpcrypto helpcrypto <
>>> helpcrypto at gmail.com
>>> > > wrote:
>>> >
>>> > > According to
>>> > >
>>> http://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.htmlOracle
>>> > > Java 8 now uses TLS1.1 and TLS1.2 (both enabled by default on
>>> > > Control Panel).
>>> > >
>>> > > This seems to be causing an error in our applet loading. Problem
>>> seems
>>> > > solved if both unchecked. Funny thing is our server only supports
>>> TLS1.0.
>>> > >
>>> > > Is icedtea8 following the same TLS policy? (switching to TLS1.1 and
>>> TLS1.2)
>>> > > If so, i should check if the same error appears.
>>> > >
>>>
>>>  I'm not sure what you're referring to here. There is no control panel in
>>> IcedTea/OpenJDK 6, 7 or 8. I seem to remember TLS 1.2 support being added
>>> as part of 7 (it was one of the reasons for the addition of an explicit
>>> ECC provider).
>>>
>>
> Maybe Jiri can chime in here?
>
>
>>  Oracle Java 8 JRE has enabled (by default) TLS 1.1 and TLS 1.2 and
>> that's causing some problems in our case. I was wondering how
>> OpenJDK/Icedtea is handling protocol priorities/this issue.
>>
>>  Is there such a thing as "Icedtea-Web JRE 8" so I can test?
>>
>
>
> I don't know anything about TLS in OpenJDK/IcedTea itself, but there is no
> "IcedTea-Web JRE 8" for you to test. There are only the regular releases,
> so 1.4 and 1.5 right now. What are you looking for in this "other build" of
> ITW?
>
> Thanks,
>
> --
> Andrew A
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20140520/fdf5eb20/attachment.html>

More information about the distro-pkg-dev mailing list