Oracle Java 8 problems due to TLS policy change

Mon May 26 15:46:07 UTC 2014

* helpcrypto helpcrypto <helpcrypto at gmail.com> [2014-05-20 10:39]:
> As I tried to explain, we have detected a problem running Oracle JRE8 cause of
> TLS policy change (Now, TLS 1.1 and TLS 2.0 are enabled by default on Control
> Panel, and this seems to cause a SSLException when working with our very-legacy
> server)
> 
> I was looking to reproduce the error using Icedtea+OpenJDK, but firstly I have
> to find TLS 1.1/TLS 2.0 configuration option.
> 
> Hope its clear now.
> 

There is no TLS configuration option; we do not offer one.

What you can do however is set JVM arguments via the ITW-settings
applications and provide -Djdk.tls.client.protocols="TLSv1,..."

Deepak

> 
> 
> On Tue, May 20, 2014 at 4:06 PM, Andrew Azores <aazores at redhat.com> wrote:
> 
>     On 05/16/2014 03:36 AM, helpcrypto helpcrypto wrote:
> 
>         Super Ping!
> 
> 
>         On Mon, Apr 14, 2014 at 2:41 PM, helpcrypto helpcrypto <
>         helpcrypto at gmail.com> wrote:
> 
>             Hi Andrew, thx for replying.
> 
>             On Fri, Apr 11, 2014 at 8:19 PM, Andrew Hughes <
>             gnu.andrew at redhat.com> wrote:
> 
> 
>                 ----- Original Message -----
>                 > Ping?
>                 >
>                 > On Fri, Apr 4, 2014 at 11:03 AM, helpcrypto helpcrypto <
>                 helpcrypto at gmail.com
>                 > > wrote:
>                 >
>                 > > According to
>                 > > http://docs.oracle.com/javase/8/docs/technotes/guides/
>                 security/enhancements-8.htmlOracle
>                 > > Java 8 now uses TLS1.1 and TLS1.2 (both enabled by default
>                 on
>                 > > Control Panel).
>                 > >
>                 > > This seems to be causing an error in our applet loading.
>                 Problem seems
>                 > > solved if both unchecked. Funny thing is our server only
>                 supports TLS1.0.
>                 > >
>                 > > Is icedtea8 following the same TLS policy? (switching to
>                 TLS1.1 and TLS1.2)
>                 > > If so, i should check if the same error appears.
>                 > >
> 
>                 I'm not sure what you're referring to here. There is no control
>                 panel in
>                 IcedTea/OpenJDK 6, 7 or 8. I seem to remember TLS 1.2 support
>                 being added
>                 as part of 7 (it was one of the reasons for the addition of an
>                 explicit
>                 ECC provider).
> 
> 
>         Maybe Jiri can chime in here?
> 
> 
> 
>             Oracle Java 8 JRE has enabled (by default) TLS 1.1 and TLS 1.2 and
>             that's causing some problems in our case. I was wondering how
>             OpenJDK/Icedtea is handling protocol priorities/this issue.
> 
>             Is there such a thing as "Icedtea-Web JRE 8" so I can test?
> 
> 
> 
> 
>     I don't know anything about TLS in OpenJDK/IcedTea itself, but there is no
>     "IcedTea-Web JRE 8" for you to test. There are only the regular releases,
>     so 1.4 and 1.5 right now. What are you looking for in this "other build" of
>     ITW?
> 
>     Thanks,
> 
>     --
>     Andrew A
> 
> 