Service refresh 6

Read about the changes in service refresh 6, and subsequent fix packs.

Service refresh 6

This release contains support for more algorithms with the IBMJCEPlus and IBMJCEPlusFIPS providers, support for HKDF with the IBMJCEPlus provider, the latest IBM fixes, and the most recent Oracle Critical Patch Update (CPU).

Support for more algorithms in the IBMJCEPlus and IBMJCEPlusFIPS providers
The IBMJCEPlus and IBMJCEPlusFIPS providers now support the following algorithms, as well as Diffie-Hellman Key Agreement:
  • DH
  • RSAPSS
In addition, the IBMJCEPlus provider supports the following algorithms:
  • ChaCha20 and ChaCha20-Poly1305
  • kda-hkdf-with-sha1, kda-hkdf-with-sha224, kda-hkdf-with-sha256, kda-hkdf-with-sha384, and kda-hkdf-with-sha512
For more information, see IBMJCEPlus and IBMJCEPlusFIPS providers.
Support for HKDF

The IBMJCEPlus provider now supports HKDF functionality. For more information, see HMAC-based extract-then-expand key derivation function (HKDF).

Service refresh 6 fix pack 5

This release contains the latest IBM fixes and the most recent Oracle Critical Patch Update (CPU).

Service refresh 6 fix pack 10

This release contains support for more algorithms with the IBMPKCS11 provider, updates to elliptic curve Diffie-Hellman (ECDH) key agreement support with the IBMJCEPlus provider, the latest IBM fixes, and the most recent Oracle Critical Patch Update (CPU). In addition, the IBM support for ALPN is deprecated.

Support for more algorithms in the IBMPKCS11 provider
The IBMPKCS11 provider now supports the following algorithms:
  • RSAPSS signature algorithm
  • Signature.SHA224withDSA
  • Signature.SHA256withDSA
  • Signature.SHA384withDSA
  • Signature.SHA512withDSA
For a list of all supported algorithms, see Appendix A: Supported Algorithms.
XEC curves for ECDH key agreement
XEC curves are now supported for elliptic curve Diffie-Hellman (ECDH) key agreement in the IBMJCEPlus provider. For more information, see XEC curves for ECDH key agreement.
Support for ALPN
The IBM ALPN support, which uses the com.ibm.jsse2.ext.ALPNJSSEExt class, is deprecated and will be replaced by the Oracle ALPN support in a future release.

Service refresh 6 fix pack 11

Support for TLS Application-Layer Protocol Negotiation (ALPN) has changed. Previously, this support was provided by the com.ibm.jsse2.ext.ALPNJSSEExt class. Because Oracle recently added ALPN support to Java 8, this class is now removed and ALPN support is instead provided in the same manner as in the Oracle JDK. As a result, the following classes have changed: SSLEngine, SSLParameters, and SSLSocket. For more information about these classes, see the IBMJSSE2 API reference. For more information about ALPN and how to use it, see TLS Application Layer Protocol Negotiation in the Oracle documentation.

Service refresh 6 fix pack 15

This release contains the latest IBM fixes, the most recent Oracle Critical Patch Update (CPU), and a new system property to enhance security.
New JGSS system property com.ibm.security.krb5.acceptor.sequence.number.nonmutual
In earlier releases of the SDK, if the Kerberos V5 initiator did not request mutual authentication, there was no way to negotiate the acceptor's initial sequence number. From this release, for the non-mutual authentication scenario, the sequence number is determined by the com.ibm.security.krb5.acceptor.sequence.number.nonmutual system property. By default, both initiator and acceptor assume the acceptor's initial sequence number is the same as the initiator's. If you use this system property, you must set it to a matching value on both the initiator and acceptor. For more information, see Some JGSS Used Java Properties.

Service refresh 6 fix pack 20

This release contains the latest IBM fixes and the most recent Oracle Critical Patch Update (CPU).

Service refresh 6 fix pack 25

This release contains the latest IBM fixes, the most recent Oracle Critical Patch Update (CPU), changes to the JCE providers, new algorithm support in the IBMCAC provider, an implementation change for SSLContext.getInstance("TLS"), and many JSSE updates. Also, if you are using the IBMJCEFIPS provider for TLS, you must update the jdk.tls.disabledAlgorithms system property.
IBMJCEPlus provider now supported on z/OS
The IBMJCEPlus provider is now supported on z/OS® as well as on AIX®, Linux®, and Windows. The functionality of the provider is the same on z/OS as on the other operating systems.
IBMJCEPlus provider now in the java.security file

The IBMJCEPlus provider is added to the java.security file on AIX, Linux, Windows, and z/OS, after the IBMJCE provider. For more information about the use of this file to determine which provider is used, see Installing Providers for JCE.

IBMCAC provider now supports the RSA-PSS signature algorithm

The IBMCAC provider is updated to include support for the RSA-PSS signature algorithm. For a list of all the algorithms supported by this provider, see Supported algorithms.

Support for TLS 1.3 in the IBMJSSE2 provider
The IBMJSSE2 provider now supports TLS 1.3 as described in RFC 8446. Among other things, this RFC speeds up TLS handshakes by requiring only 1 round-trip, and removes support for older, weaker algorithms. The TLS 1.3 support includes the following additions:
  • Two new security properties are added:
    • jdk.tls.server.protocols configures the default enabled protocol suite in the server side of the IBMJSSE2 provider.
    • jdk.tls.keyLimits limits the amount of data that an algorithm can encrypt with a specific set of keys before a new set of keys is requested.
  • The following new cipher suites are added. These are the only suites that are available for TLS 1.3:
    • TLS_CHACHA20_POLY1305_SHA256
    • TLS_AES_128_GCM_SHA256
    • TLS_AES_256_GCM_SHA384
Notes:
  • The TLS 1.3 protocol requires the IBMJCEPlus provider.
  • TLS 1.3 is disabled by default on both the client and the server. To enable it, see Enabling TLS 1.3.
  • TLS 1.3 is not directly compatible with previous versions. For more information, see Enabling TLS 1.3.
Enhancements for TLS 1.2 support in the IBMJSSE2 provider
The following enhancements are added to the TLS 1.2 support:
  • The following ChaCha cipher suites are added:
    • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
    • TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    Use of these suites requires the IBMJCEPlus provider.
  • Support is added for Online Certificate Status Protocol (OCSP) stapling for TLS. OCSP stapling enables the server, rather than the client, to make the request to the OCSP responder. This reduces the load on the OCSP responder because the response can be cached and periodically refreshed by the server rather than by each client. For more information, see Determine X.509 certificate revocation status with OCSP.
  • RSASSA-PSS signed certificates are now supported using the TLS protocol.
  • When using the IBMJCEPlus provider, 4096 DH keys are supported with TLS.
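The following added example (not IBM's code) shows how an application can check, through the standard JSSE API, whether the default SSLContext offers TLS 1.3 and the suites listed above, and how to build parameters that pin a connection to TLS 1.3. It assumes the default SSLContext is provided by IBMJSSE2 and that the protocol is named "TLSv1.3" as in Oracle's JSSE; TLS 1.3 still has to be enabled as described in Enabling TLS 1.3.

```java
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added example (not IBM's code): reports whether the default SSLContext offers TLS 1.3 and
// the new suites, and builds parameters that pin a connection to TLS 1.3.
public class Tls13Check {
    // The three TLS 1.3 suites and the three TLS 1.2 ChaCha suites named in the release notes.
    static final List<String> TLS13_SUITES = Arrays.asList(
        "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384");
    static final List<String> TLS12_CHACHA_SUITES = Arrays.asList(
        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
        "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
        "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256");

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();   // assumed to come from IBMJSSE2
        SSLParameters supported = ctx.getSupportedSSLParameters();
        SSLParameters enabled = ctx.getDefaultSSLParameters();
        List<String> supProtos = Arrays.asList(supported.getProtocols());
        List<String> enProtos = Arrays.asList(enabled.getProtocols());
        List<String> supSuites = Arrays.asList(supported.getCipherSuites());
        List<String> enSuites = Arrays.asList(enabled.getCipherSuites());

        // "supported but not enabled" is the expected state until TLS 1.3 is switched on.
        System.out.println("TLSv1.3 supported: " + supProtos.contains("TLSv1.3")
            + ", enabled by default: " + enProtos.contains("TLSv1.3"));
        report("TLS 1.3 suite", TLS13_SUITES, supSuites, enSuites);
        report("TLS 1.2 ChaCha suite", TLS12_CHACHA_SUITES, supSuites, enSuites);
    }

    // A suite missing from the supported list usually means the IBMJCEPlus provider is not in use.
    static void report(String label, List<String> wanted, List<String> supported, List<String> enabled) {
        for (String s : wanted) {
            String state = !supported.contains(s) ? "not supported"
                         : enabled.contains(s) ? "enabled" : "supported but disabled";
            System.out.println(label + " " + s + ": " + state);
        }
    }

    // Parameters an application can apply with SSLSocket.setSSLParameters(...) or
    // SSLEngine.setSSLParameters(...) to restrict a connection to TLS 1.3 and its suites.
    static SSLParameters tls13Only() {
        SSLParameters p = new SSLParameters();
        p.setProtocols(new String[] {"TLSv1.3"});
        p.setCipherSuites(TLS13_SUITES.toArray(new String[0]));
        return p;
    }
}
```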
Other new system properties for JSSE

The following new system properties are also added in this release. For more information about each property, see Customization.

The jsse.enableMFLNExtension system property enables or disables the maximum fragment length negotiation (MFLN) extension. This feature can be useful for constrained TLS clients that need to negotiate a smaller maximum fragment length due to memory or bandwidth limitations.

The following properties customize the default enabled cipher suites for the client or server side of SSL and TLS connections:
  • jdk.tls.client.cipherSuites (client)
  • jdk.tls.server.cipherSuites (server)
The following properties enable or disable support for Online Certificate Status Protocol (OCSP) stapling on the client or server:
  • jdk.tls.client.enableStatusRequestExtension (client)
  • jdk.tls.server.enableStatusRequestExtension (server)
The following properties specify the signature schemes that can be used for TLS connections:
  • jdk.tls.client.SignatureSchemes (client)
  • jdk.tls.server.SignatureSchemes (server)
The TLS renegotiation properties com.ibm.jsse2.renegotiate and com.ibm.jsse2.extended.renegotiation.indicator are replaced by the following new properties:
  • com.ibm.jsse2.allowUnsafeRenegotiation
  • com.ibm.jsse2.allowLegacyHelloMessages
Use of the earlier properties has no effect, and no warning message is produced. For more information about the new properties, see Transport Layer Security (TLS) Renegotiation Issue.

The com.ibm.jsse2.overrideDefaultCSName system property specifies whether to return cipher suite names as defined by Oracle or the equivalent names used in previous IBM SDK releases. For example, some cipher suite names begin with "TLS" when defined by Oracle but with "SSL" in the IBM SDK. This difference exists because some cipher suite names were defined before the first TLS specification was finalized.

Other changes to JSSE cipher suites
The following changes apply in addition to the new cipher suites already mentioned:
  • The GCM cipher suites now have higher preference.
  • Some JSSE2 cipher suites are now obsolete and should not be used. The obsolete suites are disabled by default in IBMJSSE2.
  • The following cipher suites have been removed:
    • SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
    • SSL_RSA_FIPS_WITH_DES_CBC_SHA
For a list of cipher suites in order of preference and whether they are enabled or disabled by default, see Cipher suites.
Change to the JSSE "TLS" protocol alias
The "TLS" alias is changed to include the TLS V1.1 and V1.2 protocols in addition to TLS V1.0. For more information about protocol aliases, see the list of standard protocol names in Protocols.
Use of the IBMJCEFIPS provider for TLS requires an update to jdk.tls.disabledAlgorithms
If you are using the IBMJCEFIPS provider for TLS, add RSASSA-PSS, RSAPSS to the jdk.tls.disabledAlgorithms property in the java.security file; otherwise, you might see the following error:
  java.lang.NullPointerException
    at com.ibm.crypto.fips.provider.RSAPSSSignature.b(Unknown Source)
This action is required because the IBMJCEFIPS provider is no longer being recertified; it is intended that the IBMJCEPlusFIPS provider will supersede the IBMJCEFIPS provider.
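For deployments that cannot edit java.security, the same update can be made at run time through java.security.Security.setProperty. The following added example (not IBM's code) merges the two required entries into the existing jdk.tls.disabledAlgorithms value without dropping what is already listed; it assumes it runs before JSSE is first used, since the property is read when the TLS constraints are initialized.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

// Added example (not IBM's code): adds entries to jdk.tls.disabledAlgorithms at run time,
// as an alternative to editing java.security, without dropping what is already listed.
public class DisabledAlgorithms {
    static final String PROP = "jdk.tls.disabledAlgorithms";

    // Returns the merged, comma-separated value. Entries are compared case-insensitively
    // after trimming, so re-running is a no-op; entries such as "RSA keySize < 1024" stay whole.
    static String merge(String current, String... additions) {
        List<String> entries = new ArrayList<>();
        if (current != null) {
            for (String e : current.split(",")) {
                if (!e.trim().isEmpty()) entries.add(e.trim());
            }
        }
        for (String add : additions) {
            boolean present = false;
            for (String e : entries) {
                if (e.equalsIgnoreCase(add)) { present = true; break; }
            }
            if (!present) entries.add(add);
        }
        return String.join(", ", entries);
    }

    // Applies the merge to the live security property and returns the value that was set.
    // Must run before JSSE is first used, because the property is read when TLS constraints
    // are initialized (assumption based on Oracle's JSSE behaviour).
    static String disable(String... algorithms) {
        String merged = merge(Security.getProperty(PROP), algorithms);
        Security.setProperty(PROP, merged);
        return merged;
    }

    public static void main(String[] args) {
        // The two entries the IBMJCEFIPS-for-TLS note above requires.
        System.out.println(disable("RSASSA-PSS", "RSAPSS"));
    }
}
```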

Service refresh 6 fix pack 30

This release contains the latest IBM fixes and the most recent Oracle Critical Patch Update (CPU).
TLS 1.0 and 1.1 are disabled by default
TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer considered secure and have been superseded by more secure and modern versions (TLS 1.2 and 1.3). From this release, TLS 1.0 and 1.1 are disabled by default. If you encounter issues, you can, at your own risk, re-enable the older versions by removing the appropriate string from the jdk.tls.disabledAlgorithms security property in the java.security configuration file. For more information about this property, see Customization.
Support for certificate authorities extension

The certificate authorities extension is an optional extension that was introduced in TLS 1.3. You can use this extension to indicate the certificate authorities (CAs) that an endpoint supports and that should be used by the receiving endpoint to guide certificate selection. The extension is supported for TLS 1.3 on both the client and server sides. This extension is always present for client certificate selection but is optional for server certificate selection; to enable it for server certificate selection from within an application, set the jdk.tls.client.enableCAExtension system property to true. For more information about this property, see Customization.

New property for controlling reconstruction of remote objects by JNDI RMI
A new property, jdk.jndi.object.factoriesFilter, is available for specifying a filter that controls the set of object factory classes permitted to instantiate objects from object references that are returned by naming or directory systems. The factory class named by the reference instance is matched against this filter during remote reference reconstruction. The filter property supports pattern-based filter syntax with the format specified by JEP 290. Each pattern is matched against the factory class name to allow or disallow its instantiation. Access to a factory class is allowed unless the filter returns REJECTED. This property applies both to the JNDI/RMI and the JNDI/LDAP built-in provider implementations.

The default value of the property is "*", indicating that any object factory class that is specified by the reference instance can recreate the referenced object.

This property is both a system property (specified on the command line or in application code by using the java.lang.System.setProperty method) and a security property (specified in the java.security configuration file or in application code by using the java.security.Security.setProperty method). If you specify both types of property, the system property overrides the security property.
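The following added example (not IBM's code) places the permissive default value of jdk.jndi.object.factoriesFilter beside an allow-list value, and includes a small matcher that previews the ALLOWED/REJECTED/UNDECIDED decision the JEP 290 pattern syntax gives for a factory class name. The package names are placeholders, and the matcher is a local re-implementation of the documented matching rules, not the JDK's own filter.

```java
import java.security.Security;

// Added example (not IBM's code): weak default beside a restrictive value for
// jdk.jndi.object.factoriesFilter, plus a preview of how JEP 290 patterns decide a class name.
public class JndiFactoryFilter {
    static final String PROP = "jdk.jndi.object.factoriesFilter";
    static final String DEFAULT_FILTER = "*";                           // any factory class
    static final String RESTRICTIVE_FILTER = "com.example.naming.*;!*"; // allow-list, then reject all

    // Sets the security property; a -Djdk.jndi.object.factoriesFilter=... system property overrides it.
    static void apply(String filter) { Security.setProperty(PROP, filter); }

    // Patterns are separated by ';' and evaluated in order; the first match wins and a leading '!'
    // rejects. A factory is instantiated unless the result is REJECTED. (Local re-implementation.)
    static String decide(String filter, String className) {
        for (String raw : filter.split(";")) {
            String p = raw.trim();
            if (p.isEmpty()) continue;
            boolean reject = p.startsWith("!");
            if (reject) p = p.substring(1);
            if (matches(p, className)) return reject ? "REJECTED" : "ALLOWED";
        }
        return "UNDECIDED";
    }

    static boolean matches(String pattern, String className) {
        if (pattern.equals("*")) return true;
        if (pattern.endsWith(".**")) {                 // the package and all of its sub-packages
            return className.startsWith(pattern.substring(0, pattern.length() - 2));
        }
        if (pattern.endsWith(".*")) {                  // exactly this package
            String pkg = pattern.substring(0, pattern.length() - 1);
            return className.startsWith(pkg) && className.indexOf('.', pkg.length()) < 0;
        }
        if (pattern.endsWith("*")) {                   // plain name prefix
            return className.startsWith(pattern.substring(0, pattern.length() - 1));
        }
        return className.equals(pattern);
    }

    public static void main(String[] args) {
        String[] samples = {"com.example.naming.RefFactory",    // placeholder class names
                            "com.example.naming.sub.Other", "org.other.Factory"};
        for (String c : samples) {
            System.out.println(c + ": default=" + decide(DEFAULT_FILTER, c)
                + " restrictive=" + decide(RESTRICTIVE_FILTER, c));
        }
    }
}
```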

Warnings when weak algorithms are used
The keytool and jarsigner tools are updated to warn users when weak cryptographic algorithms are used in keys, certificates, and signed .jar files before they are disabled. The weak algorithms are specified in the jdk.security.legacyAlgorithms security property in the java.security configuration file. In this release, the tools issue warnings for the SHA-1 hash algorithm and 1024-bit RSA and DSA keys. For more information about setting properties in the configuration file, see How to Specify a java.security.Security Property.

Service refresh 6 fix pack 35

This release contains the latest IBM fixes and the most recent Oracle Critical Patch Update (CPU).

Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS

The IBMJSSE2 provider now supports the TLS FFDHE mechanisms defined in RFC 7919. If a server cannot process the "supported_groups" TLS extension or the named groups in the extension, applications can either customize the supported group names with the jdk.tls.namedGroups system property or turn off the FFDHE mechanisms by setting the jsse.enableFFDHE system property to false. For more information about these properties, see Customization.

Note: Support for ffdhe3072, ffdhe4096, ffdhe6144 and ffdhe8192 requires the IBMJCEPlus or the IBMJCEPlusFIPS providers.
Improved Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values
Some TLS ALPN values could not be properly read or written by the IBMJSSE2 provider. The cause was that the ALPN API uses Strings, which the provider converted to byte arrays using UTF-8; UTF-8 encodes characters above U+007F (7-bit ASCII) as multi-byte sequences, which a peer might not expect.

ALPN values are now represented using the network byte representation that the peer expects, which should require no modification for standard 7-bit ASCII character Strings. However, the IBMJSSE2 provider now encodes and decodes String characters as 8-bit ISO_8859_1 (Latin-1) characters. Applications that used characters above U+007F, which were previously encoded using UTF-8, might therefore need either to be modified to perform the UTF-8 conversion themselves, or to set the jdk.tls.alpnCharset security property to UTF-8 to revert to the previous behavior.
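The following added example (not IBM's code) covers both the ALPN API change in fix pack 11 and the encoding change above: it requests protocols through the standard SSLParameters API, reads the negotiated value from an SSLSocket, and checks whether a protocol name has the same RFC 7301 wire form under UTF-8 and ISO-8859-1, which is what decides whether the charset change can affect it. It assumes SSLSocket.getApplicationProtocol() is present in IBMJSSE2 as in Oracle's API; the sample names are constructed.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;

// Added example (not IBM's code): ALPN through the standard JSSE API, plus a check for names
// whose wire encoding depends on the charset.
public class AlpnCheck {
    // Requests h2, then http/1.1, using the Oracle-style API the IBMJSSE2 provider now uses.
    static SSLParameters withAlpn(SSLParameters p) {
        p.setApplicationProtocols(new String[] {"h2", "http/1.1"});
        return p;
    }

    // After the handshake: null if not yet determined, "" if no application protocol will be
    // used, otherwise the selected name. (Assumed to match Oracle's SSLSocket API.)
    static String negotiated(SSLSocket s) {
        return s.getApplicationProtocol();
    }

    // RFC 7301 wire form of one protocol name: a one-byte length followed by the name's bytes.
    static byte[] wireForm(String name, Charset cs) {
        byte[] body = name.getBytes(cs);
        if (body.length == 0 || body.length > 255) throw new IllegalArgumentException("1..255 bytes");
        byte[] out = new byte[body.length + 1];
        out[0] = (byte) body.length;
        System.arraycopy(body, 0, out, 1, body.length);
        return out;
    }

    // True when the name encodes identically under UTF-8 and ISO-8859-1, i.e. it contains only
    // characters up to U+007F and is unaffected by the fix pack 35 change.
    static boolean charsetNeutral(String name) {
        return Arrays.equals(wireForm(name, StandardCharsets.UTF_8),
                             wireForm(name, StandardCharsets.ISO_8859_1));
    }

    public static void main(String[] args) {
        // Constructed samples: two standard names and one with a character above U+007F.
        for (String name : new String[] {"h2", "http/1.1", "caf\u00e9"}) {
            System.out.printf("%-10s utf8=%d bytes latin1=%d bytes neutral=%b%n", name,
                wireForm(name, StandardCharsets.UTF_8).length,
                wireForm(name, StandardCharsets.ISO_8859_1).length, charsetNeutral(name));
        }
    }
}
```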

Enhancements to key certificate management
The following enhancements are made for certificates that are generated by IBM key certificate management utilities:
  • You can now specify multiple subject alternative name (SAN) values in certificates. For more information, see the com.ibm.security.certclient.util package in the API documentation.
  • The authority key identifier (AKI) extension is added to non-self-signed certificates.