The following are some of the notable bug fixes included in this release:Īpplication code using LDAPS with a socket connect timeout that is <= 0 (the default value) may encounter an exception when establishing the connection. Applications that require authenticated encryption can use the Cipher API directly as an alternative to using this class. Because of this behavior, this class may not be suitable for use with decryption in an authenticated mode of operation (e.g. These exceptions are not re-thrown, so the client may not be informed that integrity checks failed. The specification of has been clarified to indicate that this class may catch BadPaddingException and other exceptions thrown by failed integrity checks during decryption. The following SECOM root certificate is no longer in use and has been removed:ĭN: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP The following Baltimore CyberTrust Code Signing root certificate is no longer in use and has been removed:ĭN: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE Removal of Baltimore Cybertrust Code Signing CA
For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=USĭN: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=USĭN: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=USĭN: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. The following Symantec root certificates are no longer in use and have been removed:ĭN: OU=Equifax Secure Certificate Authority, O=Equifax, C=USĭN: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=USĭN: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=USĭN: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. Note that prior to this change, DES40_CBC (but not all DES) suites were disabled via the security property. In both cases re-enabling DES must be followed by adding DES-based cipher suites to the enabled cipher suite list using the tEnabledCipherSuites() or tEnabledCipherSuites() methods. These cipher suites can be reactivated by removing "DES" from the security property in the curity file or by dynamically calling the tProperty() method. DES-based cipher suites have been deactivated by default in the SunJSSE implementation by adding the "DES" identifier to the security property. JRE Security Baseline (Full Version String)ĭES-based TLS cipher suites are considered obsolete and should no longer be used.