Oracle Java 8 problems due to TLS policy change

helpcrypto helpcrypto helpcrypto at gmail.com
Mon May 26 15:56:12 UTC 2014 

hmmm...going to try this and setup TLSv1.1 and TLSv2 to try to replicate
Oracle error.
If appears, then we could investigate the issue.
Thanks for the idea!!!


On Mon, May 26, 2014 at 5:46 PM, Deepak Bhole <dbhole at redhat.com> wrote:

> * helpcrypto helpcrypto <helpcrypto at gmail.com> [2014-05-20 10:39]:
> > As I tried to explain, we have detected a problem running Oracle JRE8
> cause of
> > TLS policy change (Now, TLS 1.1 and TLS 2.0 are enabled by default on
> Control
> > Panel, and this seems to cause a SSLException when working with our
> very-legacy
> > server)
> >
> > I was looking to reproduce the error using Icedtea+OpenJDK, but firstly
> I have
> > to find TLS 1.1/TLS 2.0 configuration option.
> >
> > Hope its clear now.
> >
>
> There is no TLS configuration option; we do not offer one.
>
> What you can do however is set JVM arguments via the ITW-settings
> applications and provide -Djdk.tls.client.protocols="TLSv1,..."
>
> Deepak
>
> >
> >
> > On Tue, May 20, 2014 at 4:06 PM, Andrew Azores <aazores at redhat.com>
> wrote:
> >
> >     On 05/16/2014 03:36 AM, helpcrypto helpcrypto wrote:
> >
> >         Super Ping!
> >
> >
> >         On Mon, Apr 14, 2014 at 2:41 PM, helpcrypto helpcrypto <
> >         helpcrypto at gmail.com> wrote:
> >
> >             Hi Andrew, thx for replying.
> >
> >             On Fri, Apr 11, 2014 at 8:19 PM, Andrew Hughes <
> >             gnu.andrew at redhat.com> wrote:
> >
> >
> >                 ----- Original Message -----
> >                 > Ping?
> >                 >
> >                 > On Fri, Apr 4, 2014 at 11:03 AM, helpcrypto helpcrypto
> <
> >                 helpcrypto at gmail.com
> >                 > > wrote:
> >                 >
> >                 > > According to
> >                 > >
> http://docs.oracle.com/javase/8/docs/technotes/guides/
> >                 security/enhancements-8.htmlOracle
> >                 > > Java 8 now uses TLS1.1 and TLS1.2 (both enabled by
> default
> >                 on
> >                 > > Control Panel).
> >                 > >
> >                 > > This seems to be causing an error in our applet
> loading.
> >                 Problem seems
> >                 > > solved if both unchecked. Funny thing is our server
> only
> >                 supports TLS1.0.
> >                 > >
> >                 > > Is icedtea8 following the same TLS policy?
> (switching to
> >                 TLS1.1 and TLS1.2)
> >                 > > If so, i should check if the same error appears.
> >                 > >
> >
> >                 I'm not sure what you're referring to here. There is no
> control
> >                 panel in
> >                 IcedTea/OpenJDK 6, 7 or 8. I seem to remember TLS 1.2
> support
> >                 being added
> >                 as part of 7 (it was one of the reasons for the addition
> of an
> >                 explicit
> >                 ECC provider).
> >
> >
> >         Maybe Jiri can chime in here?
> >
> >
> >
> >             Oracle Java 8 JRE has enabled (by default) TLS 1.1 and TLS
> 1.2 and
> >             that's causing some problems in our case. I was wondering how
> >             OpenJDK/Icedtea is handling protocol priorities/this issue.
> >
> >             Is there such a thing as "Icedtea-Web JRE 8" so I can test?
> >
> >
> >
> >
> >     I don't know anything about TLS in OpenJDK/IcedTea itself, but there
> is no
> >     "IcedTea-Web JRE 8" for you to test. There are only the regular
> releases,
> >     so 1.4 and 1.5 right now. What are you looking for in this "other
> build" of
> >     ITW?
> >
> >     Thanks,
> >
> >     --
> >     Andrew A
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20140526/f326257b/attachment-0001.html>

More information about the distro-pkg-dev mailing list