IBM Support

WebSphere Application Server java.security file

Release Notes


Abstract

WebSphere Application Server java.security file may need manual updates

Content

The java.security file shipped with WebSphere Application Server is a customizable file. WebSphere Application Server does not update this file when fix packs or i-fixes are applied, to avoid overwriting customizations.

WebSphere Application Server Liberty using the Installation Manager (IM) install method, and the WebSphere Application Server Classic may be affected.

The java.security file may need manual updates to comply with both security and performance upgrades.

See the following, organized by Java major version, to determine if your java.security file needs to be manually updated.

Java 8

Java 8 release start pointDescriptionCVECommon namejava.security property
Java 8 GAVulnerability in SSLv3CVE-2014-3566POODLEjdk.tls.disabledAlgorithms=SSLv3
Java 8 SR1Vulnerability in RC4CVE-2015-2808Bar Mitzvahjdk.tls.disabledAlgorithms=SSLv3, RC4
Java 8 SR1 FP1Vulnerability with Diffie-Hellman ciphersCVE-2015-4000Logjamjdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize <768
Java 8 SR2Performance degradation due to secure random sourcen/an/asecurerandom.source=file:/dev/urandom
Java 8 SR2 FP10Vulnerability in MD5 CVE-2015-7575SLOTHjdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
-and-
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize <768, MD5withRSA



Java 7 and 7.1

Java 7/7.1 release start pointDescriptionCVECommon namejava.security property
Java 7.1 SR2
----
Java 7 SR8 FP10
Vulnerability in SSLv3CVE-2014-3566POODLEjdk.tls.disabledAlgorithms=SSLv3
Java 7.1 SR 3
-----
Java 7 SR9
Vulnerability in RC4CVE-2015-2808Bar Mitzvahjdk.tls.disabledAlgorithms=SSLv3, RC4
Java 7.1 SR3 FP10
-----
Java 7 SR9 FP10
Vulnerability with Diffie-Hellman ciphersCVE-2015-4000Logjamjdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize <768
Java 7.1 SR3 FP30
-----
Java 7 SR9 FP30
Vulnerability in MD5CVE-2015-7575SLOTHjdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
-and-
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize <768, MD5withRSA


Java 6 and 6.1


Minimum Java 6/6.1 DescriptionCVECommon namejava.security property
Java 6.1 SR8 FP2
-----
Java 6 SR16 FP3
Vulnerability in SSLv3CVE-2014-3566POODLEjdk.tls.disabledAlgorithms=SSLv3
Java 6.1 SR8 FP7
-----
Java 6 SR16 FP7
Vulnerability in RC4CVE-2015-2808Bar Mitzvahjdk.tls.disabledAlgorithms=SSLv3, RC4
Java 6.1 SR8 FP5
-----
Java 6 SR16 FP5
Vulnerability with Diffie-Hellman ciphersCVE-2015-4000Logjamjdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize <768
Java 6.1 SR8 FP20
-----
Java 6 SR16 FP20
Vulnerability in MD5CVE-2015-7575SLOTHjdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
-and-
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize <768, MD5withRSA

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Java SDK","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"},{"code":"PF013","label":"Inspur K-UX"}],"Version":"8.5.5;8.5;8.0;7.0","Edition":"Base;Developer;Liberty;Network Deployment","Line of Business":{"code":"LOB15","label":"Integration"}}]

Document Information

Modified date:
17 June 2018

UID

swg27045560