D2GK_yan_linfeng

Support for TLS renegotiation extension (RFC 5746) within J9VM

2010-12-19T14:39:34Z
As pointed out on this page, http://www.ibm.com/developerworks/java/jdk/alerts/, IBM Platforms: 6 SR7 and later releases should contain the fix for the CVE-2009-3555 issue.
However, when I'm running a Tomcat HTTPS server with the JRE6 SR8 FP1, it turns out that the HTTPS server served by the IBM JSSE doesn't support the TLS renegotiation extension. I'm detecting the support for TLS secure renegotiation in Chrome.

Meanwhile, when I'm doing the same test with Oracle JRE version 1.6.0_22-b04, in Chrome it shows that the Tomcat HTTPS server does support the TLS secure renegotiation.

  • IBM Java Version in test is:
./java -version
java version "1.6.0"
Java(TM) SE Runtime Environment (build pap6460sr8fp1-20100624_01(SR8 FP1))
IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 AIX ppc64-64 jvmap6460sr8ifx-20100609_59383 (JIT enabled, AOT enabled)
J9VM - 20100609_059383
JIT - r9_20100401_15339ifx2
GC - 20100308_AA)
JCL - 20100624_01

  • Oracle Java version in test is:
D:\tibco\jre\1.6.1\bin>java -version
java version "1.6.0_22"
Java(TM) SE Runtime Environment (build 1.6.0_22-b04)
Java HotSpot(TM) Client VM (build 17.1-b03, mixed mode)
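
An independent way to make the check described in the post above, added here as an example and not part of the original post or of any IBM or Oracle code: RFC 5746 support shows up as a renegotiation_info extension (type 0xff01) in the ServerHello, sent only when the client offered the extension or the signalling cipher suite. The parser below looks for it in a captured ServerHello record; the function names and the sample records are constructed for illustration.

```python
import struct

RENEGOTIATION_INFO = 0xFF01  # extension type assigned by RFC 5746

def server_hello_extensions(record: bytes) -> dict:
    """Return {extension_type: data} from one TLS record holding a ServerHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < max(rec_len, 4) or body[0] != 0x02:
        raise ValueError("not a complete ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) < max(hs_len, 35):
        raise ValueError("truncated ServerHello")
    # Skip server_version(2) + random(32), session_id, cipher_suite(2), compression(1).
    pos = 34 + 1 + hello[34] + 2 + 1
    exts = {}
    if pos == len(hello):
        return exts  # no extensions block at all
    end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    if end > len(hello):
        raise ValueError("extensions block overruns ServerHello")
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
        pos += 4
        if pos + elen > end:
            raise ValueError("extension overruns extensions block")
        exts[etype] = hello[pos:pos + elen]
        pos += elen
    return exts

def supports_secure_renegotiation(record: bytes) -> bool:
    """True if an initial-handshake ServerHello carries an empty renegotiation_info."""
    # On the first handshake renegotiated_connection is empty, so the data is b"\x00".
    return server_hello_extensions(record).get(RENEGOTIATION_INFO) == b"\x00"

def build_server_hello(extensions: bytes) -> bytes:
    """Constructed sample: TLS 1.0 ServerHello, zero random, empty session id."""
    hello = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    if extensions:
        hello += len(extensions).to_bytes(2, "big") + extensions
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

# Constructed records: one with ec_point_formats + renegotiation_info, one with no extensions.
WITH_RI = build_server_hello(b"\x00\x0b\x00\x02\x01\x00" + b"\xff\x01\x00\x01\x00")
WITHOUT_RI = build_server_hello(b"")
```

The record bytes can come from a packet capture of the handshake against each JRE; a ServerHello split across several TLS records is outside what this parser handles.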