Service refresh 5

Read about the changes in service refresh 5, and subsequent fix packs.


Service refresh 5

This refresh contains some support for the IBM® 4765 cryptographic card through the IBMPKCS11Impl security provider, and Oracle critical patch updates. The IBM 4765 cryptographic card is supported in a limited fashion on the AIX® platform, in both 32-bit and 64-bit modes, for use by Security Key Lifecycle Manager (SKLM).

For SKLM, only the following PKCS#11 crypto operations are supported:

  • Generate an AES 128-bit or 256-bit key.
  • Encrypt and decrypt data using an AES key and an AES/ECB/NoPadding cipher.
  • Store and retrieve an AES key to/from a PKCS11IMPLKS (PKCS#11) key store.

Service refresh 5 fix pack 5

This refresh contains Oracle critical patch updates and the following fix to the Server Name Indication (SNI) extension: when using a custom hostname verifier, the Server Name is now correctly sent in the TLS ClientHello phase. For more information about this fix, see https://bugs.openjdk.java.net/browse/JDK-8144566.

Service refresh 5 fix pack 10

IBMJCEPlus and IBMJCEPlusFIPS providers

The IBMJCEPlus and IBMJCEPlusFIPS providers are new security providers from IBM, which provide hardware-accelerated cryptographic algorithms (where hardware acceleration is supported). For more information, see IBMJCEPlus and IBMJCEPlusFIPS providers.

Changes to default security policy files

The unlimited jurisdiction policy files are now used by default. To use the limited jurisdiction policy files, set the crypto.policy property value to limited in the java.security file. Both the limited and unlimited jurisdiction policy files are included in the SDK in a new directory structure. For more information, see SDK Security policy files.
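To confirm at runtime which jurisdiction policy is actually in force, here is an added check written for this page (not code from the IBM SDK documentation); the class and method names are my own, and the all-zero key exists only to probe the policy:

```java
import java.security.InvalidKeyException;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class PolicyCheck {
    // True when a 256-bit AES key can be initialised, i.e. the unlimited policy is active.
    // Under the limited policy Cipher.init throws InvalidKeyException ("Illegal key size").
    static boolean aes256Usable() throws Exception {
        byte[] testKey = new byte[32];   // constructed all-zero key, used only to probe the policy
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(testKey, "AES"));
            return true;
        } catch (InvalidKeyException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // crypto.policy is read from java.security: "unlimited" (the new default) or "limited".
        String policy = Security.getProperty("crypto.policy");
        // 128 under the limited policy, Integer.MAX_VALUE under the unlimited policy.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        boolean usable = aes256Usable();
        System.out.println("crypto.policy=" + policy + " maxAES=" + maxAes + " aes256Usable=" + usable);
        if (!usable) {
            System.err.println("Limited jurisdiction policy is active: AES-256 is unavailable to this JVM.");
            System.exit(1);
        }
    }
}
```

Run it with the SDK you are deploying; a non-zero exit means the limited policy (or an older policy file layout) is in effect and AES-256 workloads will fail.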

Support for TLS session hash and extended master secret extension in IBMJSSE2

Support is added for the TLS session hash and extended master secret extension (RFC 7627) in the IBMJSSE2 provider.

In general, a change of server certificate is restricted when endpoint identification is not enabled and the previous handshake was an abbreviated (session-resumption) initial handshake, unless the identities represented by both certificates can be regarded as the same. When the extension is enabled or negotiated, this restriction on server certificate change is no longer necessary and is lifted. Three system properties control the behavior:

  • jdk.tls.useExtendedMasterSecret: set to false to disable negotiation of the extension if compatibility issues arise.
  • jdk.tls.allowLegacyResumption: set to false to reject abbreviated handshakes when the session hash and extended master secret extension is not negotiated.
  • jdk.tls.allowLegacyMasterSecret: set to false to reject connections that do not support the session hash and extended master secret extension.

Stricter key generation

The generateSecret(String) method is mostly disabled in the javax.crypto.KeyAgreement services of the IBMJCE and IBMPKCS11Impl providers. Invoking this method for these providers results in a NoSuchAlgorithmException exception for most algorithm string arguments. To revert to the earlier behavior of this method, set the value of the jdk.crypto.KeyAgreement.legacyKDF system property to true (case insensitive). Re-enabling this method is not recommended.
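The supported replacement for generateSecret("AES") is to call the no-argument generateSecret() and run the raw agreed secret through a real key derivation function. The following is an added example written for this page (not code from IBM or the SDK documentation): it performs an ECDH agreement with the standard JCA API and derives an AES-256 key with HKDF-SHA256 built on javax.crypto.Mac. The class name, method names, curve choice and the context string are my own assumptions.

```java
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;

public class KdfAgreement {
    // HKDF (RFC 5869) over HMAC-SHA256 using only javax.crypto.Mac; an empty salt
    // becomes HashLen zero bytes as the RFC specifies.
    static byte[] hkdf(byte[] ikm, byte[] salt, byte[] info, int length) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(salt.length == 0 ? new byte[32] : salt, "HmacSHA256"));
        byte[] prk = mac.doFinal(ikm);                        // HKDF-Extract
        mac.init(new SecretKeySpec(prk, "HmacSHA256"));
        byte[] okm = new byte[length], t = new byte[0];
        for (int i = 1, pos = 0; pos < length; i++) {         // HKDF-Expand: T(i) = HMAC(PRK, T(i-1) | info | i)
            mac.update(t); mac.update(info); mac.update((byte) i);
            t = mac.doFinal();
            int n = Math.min(t.length, length - pos);
            System.arraycopy(t, 0, okm, pos, n);
            pos += n;
        }
        return okm;
    }

    // Replacement for generateSecret("AES"): the raw ECDH output goes through HKDF with
    // an application context string, and the raw secret is wiped after derivation.
    static SecretKey deriveAesKey(KeyPair mine, PublicKey peer, byte[] info) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        ka.init(mine.getPrivate());
        ka.doPhase(peer, true);
        byte[] shared = ka.generateSecret();                  // the no-argument form remains supported
        try {
            return new SecretKeySpec(hkdf(shared, new byte[0], info, 32), "AES");
        } finally {
            Arrays.fill(shared, (byte) 0);
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));  // explicit parameters, not the provider default
        KeyPair alice = kpg.generateKeyPair(), bob = kpg.generateKeyPair();
        byte[] info = "example-app AES-256 key v1".getBytes("UTF-8");  // constructed context label
        SecretKey a = deriveAesKey(alice, bob.getPublic(), info);
        SecretKey b = deriveAesKey(bob, alice.getPublic(), info);
        System.out.println("both sides derived the same key: " + Arrays.equals(a.getEncoded(), b.getEncoded()));
    }
}
```

Binding the derived key to a context string means the same agreement can yield independent keys for different purposes, which the legacy generateSecret(String) path never offered.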

IBMJCE provider default Diffie-Hellman (DH) key size change

The default DH key size for the IBMJCE provider is increased from 1024 to 2048 bits unless applications have explicitly initialized the java.security.KeyPairGenerator and java.security.AlgorithmParameterGenerator objects with a key size.

IBMPKCS11Impl provider default key size changes

The default key sizes for the IBMPKCS11Impl provider are changed for the following algorithms:

  • DSA algorithm: the key size limit is increased from 512 bits to 1024 bits (the PKCS11 specification does not allow key sizes greater than 1024 bits).
  • RSA algorithm: the key size limit is increased from 1024 bits to 2048 bits.
  • Diffie-Hellman (DH) algorithm: the key size limit is increased from 1024 bits to 2048 bits.

IBMJCE provider RSA public key validation

The RSA implementation in the IBMJCE provider will reject any RSA public key that has an exponent that is not in the valid range, as defined by PKCS#1 version 2.2. This change affects JSSE connections as well as applications built on JCE.

Exportable cipher suites disabled by default

To improve security, algorithms DES40_CBC and RC4_40 are now disabled by default. These algorithms are added to the jdk.tls.disabledAlgorithms property in the java.security file.

The following legacy algorithms are also removed by deleting them from the jdk.tls.legacyAlgorithms property in the java.security file: DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, and RSA_EXPORT.

Some SHA-1 certificate chains are disabled

To improve security, TLS server certificate chains are now disabled if they are anchored by a SHA-1 certificate that is included by default in the SDK. This behavior is specified by the jdk.certpath.disabledAlgorithms property described in SP800-131A Compliance. Private Certificate Authorities are not affected. For more information, see JEP 288.

Jar files can no longer be signed with DSA key sizes less than 1024 bits

To improve security, jar files can no longer be signed with DSA key sizes less than 1024 bits. This change is implemented through the jdk.jar.disabledAlgorithms property in the java.security file.

Service refresh 5 fix pack 15

The release includes an update to the IBMJSSE2 provider, plus the latest IBM fixes and the most recent Oracle Critical Patch Update (CPU).

The IBMJSSE2 provider is updated to support the TLS Application-Layer Protocol Negotiation (ALPN) Extension, which provides the means to negotiate an application protocol for a TLS connection.

Note: In service refresh 6 fix pack 11, the ALPN support was changed to match the Oracle ALPN support. See Service refresh 6 fix pack 11.

Service refresh 5 fix pack 20

This release contains updated jurisdiction policy files, new PKCS #11 support for Thales¹ hardware security modules, the latest IBM fixes, and the most recent Oracle Critical Patch Update (CPU).

Updated policy files

New policy files are included with these refreshes because the current JCE code signing certificate expires in October 2018. For more information about the location of these files, see SDK Security policy files.

New PKCS #11 card support

The IBM PKCS #11 cryptographic provider now supports the following cards:
  • Thales nShield Connect 500+, 1500+, and 6000+
  • Thales nShield Connect XC High, XC Mid, and XC Base
  • Thales Solo 500+ and 6000+
  • Thales Solo XC High, XC Mid, and XC Base
For more information, see IBM PKCS11 Cryptographic Provider.

Service refresh 5 fix pack 25

In addition to the latest IBM fixes and the most recent Oracle Critical Patch Update (CPU), support is added for the use of the IBM Crypto Express® 6 hardware cryptographic card through the IBMPKCS11Impl provider. Support for the following cards is removed:
  • IBM 4764 Cryptographic Coprocessor
  • IBM 4765 Cryptographic Coprocessor
  • IBM Crypto Express 2
  • IBM Crypto Express 3
For information about supported cards, see IBM PKCS11 Cryptographic Provider.

Service refresh 5 fix pack 30

To improve security, the anon (anonymous key exchange) and NULL (no encryption) algorithms are now disabled by default. These algorithms are added to the jdk.tls.disabledAlgorithms property in the java.security file. This release also contains the latest IBM fixes and the most recent Oracle Critical Patch Update (CPU).
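Deployments that ship their own java.security file, or that override jdk.tls.disabledAlgorithms, can silently lose these entries and the export-suite entries from fix pack 10. The following is an added check written for this page (not IBM's code): it appends any missing entry to the property, then confirms that the default SSLContext no longer offers an anonymous, NULL or export-grade suite. The class name, method names and the token list are my own assumptions, and the property must be set before the first SSLContext is created.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;

public class DisabledSuiteCheck {
    // Tokens that identify anonymous key exchange, NULL encryption and export-grade suites.
    static final String[] FORBIDDEN = {"ANON", "NULL", "DES40", "RC4_40", "EXPORT"};

    // Add any missing entries to jdk.tls.disabledAlgorithms. Call this before the
    // first SSLContext is created so that the provider reads the updated value.
    static String ensureDisabled(String... algorithms) {
        String current = Security.getProperty("jdk.tls.disabledAlgorithms");
        StringBuilder sb = new StringBuilder(current == null ? "" : current);
        for (String alg : algorithms) {
            if (current == null || !current.contains(alg)) {
                if (sb.length() > 0) sb.append(", ");
                sb.append(alg);
            }
        }
        Security.setProperty("jdk.tls.disabledAlgorithms", sb.toString());
        return sb.toString();
    }

    // Suites the default SSLContext would still offer that match a forbidden token; empty is good.
    static List<String> weakEnabledSuites() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);                       // default key and trust managers
        List<String> weak = new ArrayList<>();
        for (String suite : ctx.getSocketFactory().getDefaultCipherSuites()) {
            String upper = suite.toUpperCase();
            for (String token : FORBIDDEN) {
                if (upper.contains(token)) { weak.add(suite); break; }
            }
        }
        return weak;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("jdk.tls.disabledAlgorithms = " + ensureDisabled("anon", "NULL", "DES40_CBC", "RC4_40"));
        List<String> weak = weakEnabledSuites();
        System.out.println(weak.isEmpty() ? "OK: no anon/NULL/export suites enabled" : "Still enabled: " + weak);
        System.exit(weak.isEmpty() ? 0 : 1);
    }
}
```

A non-zero exit means the running SDK's enabled suite list still contains a suite this fix pack intends to remove, which is worth investigating before relying on the default configuration.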

Service refresh 5 fix pack 35

This release contains the latest IBM fixes, the most recent Oracle Critical Patch Update (CPU), and the following new features:

New card support for PKCS11

SafeNet Luna 7 cards are now supported with the IBM PKCS11 cryptographic provider. For more information, see IBM PKCS11 Cryptographic Provider.

TLS server certificates anchored by Symantec root certificate authorities are now distrusted

Oracle, in line with Google, Mozilla, Apple, and Microsoft, now distrusts Symantec certificates. TLS server certificates that were issued on or before April 16, 2019 continue to be trusted until they expire. Certificates issued after that date are rejected, with the exception of certificates that were issued on or before December 31, 2019 through two subordinate certificate authorities that are managed by Apple. If necessary, and at your own risk, you can work around the restrictions by removing SYMANTEC_TLS from the jdk.security.caDistrustPolicies security property in the java.security configuration file. For more information and a list of distrusted certificates, see Distrust TLS Server Certificates Anchored by Symantec Root CAs in the Oracle release notes. For more information about setting properties in the configuration file, see How to Specify a java.security.Security Property.

Service refresh 5 fix pack 40

This release contains the latest IBM fixes, and the most recent Oracle Critical Patch Update (CPU).

¹ These modules moved from Thales to the nCipher brand in August 2019.