Dell BSAFE SSL-J Owner's manual

Brand: Dell

Model: BSAFE SSL-J

Type: Owner's manual

Release Notes

17.12.19

RSA BSAFE

SSL-J 6.2.6 Release Notes

This document summarizes the features of RSA BSAFE SSL-J 6.2.6 (SSL-J). It

outlines the new features, platform information, and resolved and known issues.

Note: All SSLJ APIs are deprecated. The APIs are available for use, and will

be removed at some future time. RSA recommends replacing the SSLJ APIs

with the public JSSE API and the Certificate API in RSA BSAFE Crypto-J

(Crypto-J).

Contents:

New Features ................................................................................................... 2

Changes ............................................................................................................ 2

Related Products .............................................................................................. 2

FIPS 140-2 Status ............................................................................................ 3

Operating Environment Information .............................................................. 4

Primary Operating Environments ............................................................ 4

Secondary Operating Environments ...................................................... 7

Tested JDK Update Versions ................................................................ 10

Discontinued Platforms .......................................................................... 11

Algorithms and Key Sizes ............................................................................. 11

Interoperability ................................................................................................ 12

Cipher Suites .................................................................................................. 14

Enhancements and Resolved Issues .......................................................... 19

Known Issues ................................................................................................. 19

Documentation ............................................................................................... 20

Support and Service ...................................................................................... 22

2 New Features

RSA BSAFE SSL-J 6.2.6 Release Notes

New Features

This release of SSL-J is designed to provide the following new feature.

• Added support for the standard JDK security property

jdk.certpath.disa bledAlgorit hms.

Changes

This release of SSL-J is designed to include fixes for specific issues.

For more information, see Enhancements and Resolved Issues.

Related Products

This release of SSL-J must be used with:

• Crypto-J 6.2.5, which includes the FIPS 140 validated Java Cryptographic

Module (JCM).

• RSA BSAFE Cert-J 6.2.4 (Cert-J) to provide access to the CertJ API objects.

Note: All CertJ APIs are deprecated. The APIs are available for use, and

will be removed at some future time. RSA recommends replacing the

CertJ APIs with the public JCE API and the Certificate API in Crypto-J.

• RSA BSAFE Crypto-C Micro Edition 4.1 (Crypto-C ME) to provide native crypto

support.

Use of other versions of these products might work, but support is not guaranteed.

FIPS 140-2 Status 3

RSA BSAFE SSL-J 6.2.6 Release Notes

FIPS 140-2 Status

FIPS 140-2 (Federal Information Processing Standards Publication 140-2 - Security

Requirements for Cryptographic Modules) details the United States Government

requirements for cryptographic modules. For more information about the FIPS 140-2

standard and validation program, see the FIPS 140-2 page on the NIST Web site.

The FIPS 140-2 validated configurations of this release inherit their FIPS 140-2 status

from the RSA BSAFE Crypto-J JSAFE and JCE Software Module 6.2.5 (Crypto-J

JSAFE and JCE Software Module).

For more information, and the complete list of FIPS 140-2 tested and vendor affirmed

operating environments, and for detailed information about the Crypto-J JSAFE and

JCE Software Module and the secure operation of SSL-J, see the Security Policy

documents included with this release.

For details about the toolkit configuration and cryptographic implementation of

SSL-J, see the About the SSL-J Toolkit section of the RSA BSAFE SSL-J Installation

Guide.

4 Operating Environment Information

RSA BSAFE SSL-J 6.2.6 Release Notes

Operating Environment Information

Operating environment support for SSL-J is separated into two categories:

• Primary Operating Environments: SSL-J is designed and tested to support these

operating environments at the time of release.

• Secondary Operating Environments: these operating environments are not tested

with this release. These operating environments are expected to work, but support

is not guaranteed. If any issues are found, a specific request for investigation can

be made through RSA Customer Support.

• Tested JDK Update Versions: lists the tested JDK update versions for the

supported primary platforms and operating systems.

Primary Operating Environments

The following table lists the platforms and operating systems supported by SSL-J at

the time of release, and details compiler information.

Table 1 Primary Operating Environment Information

Operating System

CPU

Architecture

CPU

Size

Compiler Version

Apple

Mac OS

X 10.11+

x86_64 64-bit Apple JDK 8.0

x86 32-bit

Canonical

Ubuntu

16.04 Server x86_64

64-bit

IBM

JDK 8.0

OpenJDK 8u

Oracle

JDK 8.0, 9.0.1

x86 32-bit IBM JDK 8.0

OpenJDK 8u

Oracle JDK 8.0

CentOS™ Project

CentOS 7.6 x86_64 64-bit IBM JDK 8.0

OpenJDK 8u

Oracle JDK 8.0, 9.0.1

CentOS 6.10 x86_64 64-bit IBM JDK 8.0

OpenJDK 8u

Oracle JDK 8.0, 9.0.1

FreeBSD

Foundation

FreeBSD 11.x x86_64 64-bit OpenJDK 8u

Operating Environment Information 5

RSA BSAFE SSL-J 6.2.6 Release Notes

Google

Android™ 9.0

ARM

v8-A 64-bit

Android SDK 28

Android 8.x ARM v8 64-bit Android SDK 26, 27

ARM v8 32-bit

ARM v7 32-bit

x86 32-bit

Android 7.x ARM v8 64-bit Android SDK 24. 25

ARM v8 32-bit

ARM v7 32-bit

x86 32-bit

IBM

AIX

7.2 PowerPC

64-bit IBM JDK 8.0

PowerPC 32-bit

Micro Focus

SUSE

Linux

Enterprise Server

12 SP5

, SP4

, SP3, SP2

x86_64 64-bit IBM JDK 8.0

OpenJDK 8u

Oracle JDK 8.0, 9.0.1

Microsoft

Windows

10 Enterprise

x86_64 64-bit IBM JDK 8.0

Oracle JDK 8.0, 9.0.1

Windows 8.1 Enterprise x86_64 64-bit IBM JDK 8.0

Oracle JDK 8.0, 9.0.1

Windows 7 Enterprise SP1 x86_64 64-bit IBM JDK. 8.0

Oracle JDK 8.0, 9.0.1

Windows Server 2016 x86_64 64-bit IBM JDK 8.0

Oracle JDK 8.0, 9.0.1

Windows Server 2012 R2 x86_64 64-bit IBM JDK 8.0

Oracle JDK 8.0, 9.0.1

Windows Server 2012 x86_64 64-bit IBM JDK 8.0

Oracle JDK 8.0, 9.0.1

Table 1 Primary Operating Environment Information (continued)

Operating System

CPU

Architecture

CPU

Size

Compiler Version

6 Operating Environment Information

RSA BSAFE SSL-J 6.2.6 Release Notes

Microsoft (continued)

Windows Server 2008 SP2 x86_64 64-bit IBM JDK. 8.0

Oracle JDK 8.0

Windows Server 2008

(SSLF configuration)

x86_64 64-bit IBM JDK 8.0

Oracle JDK 8.0

Oracle

Solaris

11 SPARC

64-bit IBM JDK 8.0

Oracle JDK 8.0, 9.0.1

x86_64 64-bit Oracle JDK8.0

Solaris 10 SPARC v9 64-bit IBM JDK 8.0

Oracle JDK 8.0

x86_64 64-bit Oracle JDK8.0

Red Hat

Enterprise Linux 7.6 x86_64 64-bit IBM JDK 8.0

OpenJDK 8u

Oracle JDK 8.0, 9.0.1

No Native support, due to lack of support in Crypto-C ME 4.1/MES 4.1.

Your RSA software contract might not grant you the right to develop

applications on all of the supported platforms listed. Contact your RSA sales

representative for information on the development platforms covered by your

contract.

Table 1 Primary Operating Environment Information (continued)

Operating System

CPU

Architecture

CPU

Size

Compiler Version

Operating Environment Information 7

RSA BSAFE SSL-J 6.2.6 Release Notes

Secondary Operating Environments

The following table lists the secondary operating environments which are not tested

with this release, but can be requested through RSA Customer Support.

Table 2 Secondary Operating Environment Information

Operating System

CPU

Architecture

CPU

Size

JVM

Apple

Mac OS X 10.8+ x86_64 64-bit Apple JDK 7.0

x86 32-bit

Canonical

Ubuntu 16.04 Server x86_64 64-bit IBM JDK 7.0, 7.1

OpenJDK 7u

Oracle JDK 7.0

x86 32-bit IBM JDK 7.0, 7.1

OpenJDK 7u

Oracle JDK 7.0, 9.0

(EA)

CentOS Project

CentOS 7.6 x86_64 64-bit IBM JDK 7.0, 7.1

OpenJDK 7u

Oracle JDK 7.0

CentOS 6.9 x86_64 64-bit IBM JDK 7.0, 7.1

OpenJDK 7u

Oracle JDK 7.0

FreeBSD Foundation

FreeBSD 11.x x86_64 64-bit OpenJDK 7u

FreeBSD 10.3 x86_64 64-bit OpenJDK 7u

Google

Android 6.x ARM v8 64-bit Android SDK 23

ARM v8 32-bit

ARM v7 32-bit

x86 32-bit

Android 5.x

ARM

32-bit Android SDK 21, 22

x86 32-bit

8 Operating Environment Information

RSA BSAFE SSL-J 6.2.6 Release Notes

Google (continued)

Android 4.4.x

ARM

32-bit Android SDK 19

x86 32-bit

HPE

HP-UX 11.31

Itanium

64-bit HP JDK 7.0, 8.0

32-bit

IBM

AIX 7.2 PowerPC 64-bit IBM JDK 7.0, 7.1

32-bit

AIX 7.1 PowerPC 64-bit IBM JDK 7.0, 7.1, 8.0

32-bit

AIX 6.1 PowerPC 64-bit IBM JDK 7.0, 8.0

32-bit

Micro Focus

SUSE Linux Enterprise Server

11 SP4

x86_64 64-bit IBM JDK 7.0, 7.1, 8.0

OpenJDK 7u, 8u

Oracle JDK 7.0, 8.0x86 32-bit

Microsoft

Windows 10 Enterprise x86 32-bit IBM JDK.7.0, 7.1, 8.0

Oracle JDK 7.0, 8.0

Windows 8.1 Enterprise x86_64 64-bit IBM JDK.7.0, 7.1

Oracle JDK 7.0

x86 32-bit IBM JDK.7.0, 7.1, 8.0

Oracle JDK 7.0, 8.0

Windows 7 Enterprise SP1 x86_64 64-bit IBM JDK.7.0, 7.1

Oracle JDK 7.0

x86 32-bit IBM JDK.7.0, 7.1, 8.0

Oracle JDK 7.0, 8.0

Windows Server 2016 x86_64 64-bit IBM JDK.7.0, 7.1

Oracle JDK 7.0

Table 2 Secondary Operating Environment Information (continued)

Operating System

CPU

Architecture

CPU

Size

JVM

Operating Environment Information 9

RSA BSAFE SSL-J 6.2.6 Release Notes

Microsoft (continued)

Windows Server 2012 R2 x86_64 64-bit IBM JDK.7.0, 7.1

Oracle JDK 7.0

Windows Server 2012 x86_64 64-bit IBM JDK.7.0, 7.1

Oracle JDK 7.0, 9.0.1

Windows Server 2008 SP2 x86_64 64-bit IBM JDK.7.0, 7.1

Oracle JDK 7.0, 9.0.1

x86 32-bit IBM JDK.7.0, 7.1, 8.0

Oracle JDK 7.0, 8.0

Windows Server 2008

(SSLF configuration)

x86_64 64-bit IBM JDK.7.0, 7.1

Oracle JDK 7.0

x86 32-bit IBM JDK.7.0, 7.1

Oracle JDK 7.0, 9.0.1

Oracle

Solaris 11 SPARC v9 64-bit Oracle JDK 7.0

SPARC v8+ 32-bit Oracle JDK 7.0, 8.0, 9.0.1

x86_64 64-bit Oracle JDK 7.0

x86 32-bit Oracle JDK 7.0, 8.0, 9.0.1

Solaris 10 SPARC v9 64-bit Oracle JDK 7.0

SPARC v8+ 32-bit Oracle JDK 7.0, 8.0, 9.0.1

x86_64 64-bit Oracle JDK 7.0, 9.0.1

x86 32-bit Oracle JDK 7.0, 8.0, 9.0.1

Red Hat

Enterprise Linux 7.6 x86_64 64-bit IBM JDK 7.0, 7.1

OpenJDK 7u

Oracle JDK 7.0

Enterprise Linux 6.9 x86_64 64-bit IBM JDK 7.0, 7.1, 8.0

OpenJDK 7u, 8.u

Oracle JDK 7.0, 8.0x86 32-bit

Early Adopter

Table 2 Secondary Operating Environment Information (continued)

Operating System

CPU

Architecture

CPU

Size

JVM

10 Operating Environment Information

RSA BSAFE SSL-J 6.2.6 Release Notes

Tested JDK Update Versions

The following table lists the supported primary platforms and operating systems, with

the tested JDK update version.

Discontinued Platforms

In this release of SSL-J, RSA discontinues support for the following:

• Apple Mac OSX 10.7 32-bit and 64-bit

• Apple Mac OSX 10.6 32-bit and 64-bit

• Canonical Ubuntu 14.04 Server 32-bit and 64-bit

• Oracle JRockit 6.0.

Table 3 Tested JDK Update Versions

Operating System CPU Compiler Version

Apple

Mac OS X 10.11+

All

Apple JDK 8.0 1.8.0_121.

Canonical Ubuntu

16.04 Server

64-bit IBM JDK 1.8.0_201

OpenJDK 1.8.0_191

Oracle JDK 1.8.0_74

32-bit IBM JDK 1.8.0_201

OpenJDK 1.8.0_121

Oracle JDK 1.8.0_74

CentOS Project CentOS

64-bit IBM JDK 1.8.0_201

OpenJDK 1.8.0_191

Oracle JDK 1.8.0_74

FreeBSD Foundation

FreeBSD

64-bit OpenJDK 1.8.0_181

IBM AIX

All IBM JDK 8.0 R28_20170314_2309_B340265

Micro Focus

SUSE Linux Enterprise

Server 12

64-bit OpenJDK 1.8.0_121

Oracle JDK 1.8.0_201

Microsoft Windows

64-bit IBM JDK 1.8.0 R28_Java8_SR3_20160719_1144_B312156

Oracle JDK1.8.0_201-b09

Oracle Solaris

SPARC v9

64-bit

Oracle JDK 1.8.0_201-b09

x86_64

64-bit

Oracle JDK 1.8.0_65

Red Hat Enterprise

Linux 7

64-bit IBM JDK 1.8.0_201

OpenJDK 1.8.0_1311

Oracle JDK 1.8.0_201-b09

Algorithms and Key Sizes 11

RSA BSAFE SSL-J 6.2.6 Release Notes

In the next release of SSL-J, RSA might discontinue support for any of the Secondary

Operating Environments.

For subsequent releases of SSL-J going forward, where a vendor discontinues

mainstream support for an operating system and platform combination, RSA

discontinues support from the same date.

Algorithms and Key Sizes

For the supported algorithms and key sizes, see “Algorithms and Key Sizes” in the

RSA BSAFE Crypto-J Release Notes.

12 Interoperability

RSA BSAFE SSL-J 6.2.6 Release Notes

Interoperability

Note: Interoperability was not specifically tested for this release of SSL-J.

While it is expected that the versions of the vendor products listed in the

following tables will work with this release of SSL-J, interoperability is not

guaranteed.

SSL-J operates on the application servers on the platforms shown below:

Table 4 Application Server Interoperability

Application Server Platforms

Apache™ Tomcat™

• 8.5

• 7.0.x

• Windows Server 2012 R2 x86_x64

• Solaris 11 SPARC v8+

• RHEL

AS 7.3 x86_64

Red Hat Enterprise Linux

IBM WebSphere

Application Server

• 8.5 • Windows 7 Enterprise SP1 x86

• Solaris 11 SPARC v8+

• RHEL AS 7.3 x86_64

Oracle WebLogic

Application Server

• 12c • Solaris 11 SPARC v8+

• RHEL AS 7.3 x86_64

• 11g • Solaris 11 SPARC v8 32-bit

• RHEL AS 7.3 x86

Red Hat WildFly

• 9.x

• 8.x

• Windows Server 2012 R2 x86_x64

• Solaris 11 SPARC v8+

• RHEL AS 7.3 x86_64

Red Hat JBoss

• 7.x • Windows Server 2012 R2 x86_x64

• Solaris 11 SPARC v8+

• RHEL AS 7.3 x86_64

• 6.x • Solaris 11 SPARC v8+

• RHEL AS 7.3 x86_64

Interoperability 13

RSA BSAFE SSL-J 6.2.6 Release Notes

SSL-J has been tested with Crypto-J under the following conditions:

• JCE and JCE FIPS:

– dynamic loading

– static loading.

The following table lists the vendor products that have been tested and interoperate

with SSL-J:

Table 5 Vendor Product Interoperability

Product Version

Apple Safari

11.1.2

Google Chrome

SSL-J 6.2

Crypto-J 6.2.5

RSA BSAFE Micro Edition Suite 4.1 and 4.4

IBM JSSE Provider 8

Microsoft Internet Information Service 7.0 and 8.5

Microsoft Internet Explorer

Mozilla

Firefox

OpenSSL 0.9.8zf, 1.0.2a and 1.1.1a

Oracle JSSE Provider 8

14 Cipher Suites

RSA BSAFE SSL-J 6.2.6 Release Notes

Cipher Suites

The following table details the supported cipher suites in this release of SSL-J.

• The Default column indicates whether the suite is enabled by default.

• The SuiteB column indicates whether the suite is available when operating in a

Suite B mode.

• The SSL and TLS columns indicate whether the suite is available when using the

relevant version of SSL or TLS.

Note: All of the listed supported cipher suites are available when operating in

FIPS140_SSL_MODE .

For a list of the deprecated cipher suites, see Deprecated Cipher Suites.

Table 6 Supported Cipher Suites

Cipher Suite Name

Default

SuiteB

SSLv3

TLSv1

TLSv1.1

TLSv1.2

TLS_DHE_DSS_WITH_AES_128_CBC_SHA Y N Y Y Y Y

TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 Y N N N N Y

TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 Y N N N N Y

TLS_DHE_DSS_WITH_AES_256_CBC_SHA Y N Y Y Y Y

TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Y N N N N Y

TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Y N N N N Y

TLS_DHE_RSA_WITH_AES_128_CBC_SHA Y N Y Y Y Y

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 Y N N N N Y

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 Y N N N N Y

TLS_DHE_RSA_WITH_AES_256_CBC_SHA Y N Y Y Y Y

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Y N N N N Y

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Y N N N N Y

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Y Y N Y Y Y

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 Y Y N N N Y

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Y Y N N N Y

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Y Y N Y Y Y

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Y Y N N N Y

Cipher Suites 15

RSA BSAFE SSL-J 6.2.6 Release Notes

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Y Y N N N Y

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Y N N Y Y Y

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Y N N N N Y

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Y N N N N Y

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Y N N Y Y Y

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Y N N N N Y

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Y N N N N Y

TLS_RSA_WITH_AES_128_CBC_SHA Y N Y Y Y Y

TLS_RSA_WITH_AES_128_CBC_SHA256 Y N N N N Y

TLS_RSA_WITH_AES_128_GCM_SHA256 Y N N N N Y

TLS_RSA_WITH_AES_256_CBC_SHA Y N Y Y Y Y

TLS_RSA_WITH_AES_256_CBC_SHA256 Y N N N N Y

TLS_RSA_WITH_AES_256_GCM_SHA384 Y N N N N Y

SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA N NYY Y Y

SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA N NYY Y Y

SSL_RSA_WITH_3DES_EDE_CBC_SHA N NYY Y Y

TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA N NNY Y Y

TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA N NNY Y Y

TLS_PSK_WITH_AES_128_GCM_SHA256 N NNN N Y

TLS_PSK_WITH_AES_256_CBC_SHA N NNY Y Y

TLS_PSK_WITH_AES_256_GCM_SHA384 N NNN N Y

Table 6 Supported Cipher Suites

Cipher Suite Name

Default

SuiteB

SSLv3

TLSv1

TLSv1.1

TLSv1.2

16 Cipher Suites

RSA BSAFE SSL-J 6.2.6 Release Notes

The following table details the supported cipher suites in this release of SSL-J which

have been deprecated and will be removed at some future time.

• The FIPS column indicates whether the suite is available when operating in

FIPS140_SSL_MODE .

• The SuiteB column indicates whether the suite is available when operating in a

Suite B mode.

• The SSL and TLS columns indicate whether the suite is available when using the

relevant version of SSL or TLS.

Note: None of the deprecated cipher suites is enabled by default.

Table 7 Deprecated Cipher Suites

Cipher Suite Name

FIPS

SuiteB

SSLv3

TLSv1

TLSv1.1

TLSv1.2

SSL_DH_anon_WITH_3DES_EDE_CBC_SHA Y N Y Y Y Y

SSL_DH_anon_WITH_DES_CBC_SHA N N Y Y N N

SSL_DH_anon_WITH_RC4_128_MD5 N N Y Y N N

SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Y N Y Y Y Y

SSL_DH_DSS_WITH_DES_CBC_SHA N N Y Y N N

SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Y N Y Y Y Y

SSL_DH_RSA_WITH_DES_CBC_SHA N N Y Y N N

SSL_DHE_DSS_WITH_DES_CBC_SHA N N Y Y N N

SSL_DHE_RSA_WITH_DES_CBC_SHA N N Y Y N N

SSL_NULL_WITH_NULL_NULL N N N N N N

SSL_RSA_WITH_DES_CBC_SHA N N Y Y N N

SSL_RSA_WITH_NULL_MD5 N N Y Y Y N

SSL_RSA_WITH_NULL_SHA Y N Y Y Y Y

SSL_RSA_WITH_RC4_128_MD5 N N Y Y N N

SSL_RSA_WITH_RC4_128_SHA N N Y Y N N

TLS_DH_anon_WITH_AES_128_CBC_SHA Y N Y Y Y Y

TLS_DH_anon_WITH_AES_128_CBC_SHA256 Y N N N N Y

TLS_DH_anon_WITH_AES_128_GCM_SHA256 Y N N N N Y

TLS_DH_anon_WITH_AES_256_CBC_SHA Y N Y Y Y Y

Cipher Suites 17

RSA BSAFE SSL-J 6.2.6 Release Notes

TLS_DH_anon_WITH_AES_256_CBC_SHA256 Y N N N N Y

TLS_DH_anon_WITH_AES_256_GCM_SHA384 Y N N N N Y

TLS_DH_DSS_WITH_AES_128_CBC_SHA Y N Y Y Y Y

TLS_DH_DSS_WITH_AES_128_CBC_SHA256 Y N N N N Y

TLS_DH_DSS_WITH_AES_128_GCM_SHA256 Y N N N N Y

TLS_DH_DSS_WITH_AES_256_CBC_SHA Y N Y Y Y Y

TLS_DH_DSS_WITH_AES_256_CBC_SHA256 Y N N N N Y

TLS_DH_DSS_WITH_AES_256_GCM_SHA384 Y N N N N Y

TLS_DH_RSA_WITH_AES_128_CBC_SHA Y N Y Y Y Y

TLS_DH_RSA_WITH_AES_128_CBC_SHA256 Y N N N N Y

TLS_DH_RSA_WITH_AES_128_GCM_SHA256 Y N N N N Y

TLS_DH_RSA_WITH_AES_256_CBC_SHA Y N Y Y Y Y

TLS_DH_RSA_WITH_AES_256_CBC_SHA256 Y N N N N Y

TLS_DH_RSA_WITH_AES_256_GCM_SHA384 Y N N N N Y

TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA Y N N Y Y Y

TLS_ECDH_anon_WITH_AES_128_CBC_SHA Y N N Y Y Y

TLS_ECDH_anon_WITH_AES_256_CBC_SHA Y N N Y Y Y

TLS_ECDH_anon_WITH_NULL_SHA Y N N Y Y Y

TLS_ECDH_anon_WITH_RC4_128_SHA N N N Y N N

TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA Y N N Y Y Y

TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA Y N N Y Y Y

TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 Y N N N N Y

TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 Y N N N N Y

TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Y N N Y Y Y

TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Y N N N N Y

TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Y N N N N Y

TLS_ECDH_ECDSA_WITH_NULL_SHA Y N N Y Y Y

Table 7 Deprecated Cipher Suites

Cipher Suite Name

FIPS

SuiteB

SSLv3

TLSv1

TLSv1.1

TLSv1.2

18 Cipher Suites

RSA BSAFE SSL-J 6.2.6 Release Notes

TLS_ECDH_ECDSA_WITH_RC4_128_SHA N N N Y N N

TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA Y N N Y Y Y

TLS_ECDH_RSA_WITH_AES_128_CBC_SHA Y N N Y Y Y

TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 Y N N N N Y

TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 Y N N N N Y

TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Y N N Y Y Y

TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Y N N N N Y

TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Y N N N N Y

TLS_ECDH_RSA_WITH_NULL_SHA Y N N Y Y Y

TLS_ECDH_RSA_WITH_RC4_128_SHA N N N Y N N

TLS_ECDHE_ECDSA_WITH_NULL_SHA Y N N Y Y Y

TLS_ECDHE_ECDSA_WITH_RC4_128_SHA N N N Y N N

TLS_ECDHE_RSA_WITH_NULL_SHA Y N N Y Y Y

TLS_ECDHE_RSA_WITH_RC4_128_SHA N N N Y N N

TLS_RSA_WITH_NULL_SHA256 Y N N N N Y

Table 7 Deprecated Cipher Suites

Cipher Suite Name

FIPS

SuiteB

SSLv3

TLSv1

TLSv1.1

TLSv1.2

Enhancements and Resolved Issues 19

RSA BSAFE SSL-J 6.2.6 Release Notes

Enhancements and Resolved Issues

The following table lists the enhancements and resolved issues in this release of

SSL-J:

Known Issues

The following table lists the known issues in this release of SSL-J.

Table 8 Enhancements and Resolved Issue in SSL-J 6.2.6

ID Description

BSFSSLJ-504 Add support for JDK properties to configure the CertPath algorithm.

BSFSSLJ-464 Implement

X509ExtendedTrustManager.

Table 9 Known Issues

ID Description

BSFSSLJ-506 Sample Cert Revocation sample data must be updated.

BSFSSLJ-392

SSLContextImpl.engineInit() incorrectly processes the

trustManagers parameter.

BSFSSLJ-262 TLS clients do not support

ECDSA_sign client authentication for ECDH

cipher suites.

BSFSSLJ-261 TLS v1.1 server sends a certificate carrying a fixed DH key signed with

DSA for a DH_RSA cipher suite.

BSFSSLJ-240 Incorrect server certificate returned for TLSv1.2 when client does not send

a signature algorithm TLS extension.

20 Documentation

RSA BSAFE SSL-J 6.2.6 Release Notes

Documentation

The SSL-J documentation suite includes:

• This document, the RSA BSAFE SSL-J Release Notes, in Portable Document

Format (PDF), with the latest information on SSL-J.

• RSA BSAFE SSL-J Installation Guide, in PDF, with instructions on how to install

and build SSL-J.

• RSA BSAFE SSL-J Security Best Practices Guide, in PDF, that provides security

best practice recommendations and an overview of security configuration settings

available in SSL-J to help secure operations across a range of scenarios.

• RSA BSAFE SSL-J Security Policy, in PDF, that describes how SSL-J uses the

Crypto-J JSAFE and JCE Software Module, and how to operate SSL-J in a

manner consistent with the requirements of the cryptographic module.

• RSA BSAFE SSL-J Third-Party Licenses, in PDF, with license details for the

third-party software products used with SSL-J.

• RSA BSAFE SSL-J Troubleshooting Guide, in PDF, that provides information and

instructions for troubleshooting common issues with SSL-J.

• RSA BSAFE SSL-J Developers Guide, in HTML format, with information on how

to build SSL security into applications.

• The following Javadocs, in HTML format, provide Java API reference

information:

– RSA BSAFE SSLJ Javadoc

– RSA BSAFE JSSE Javadoc.

• Related product documentation consisting of:

– RSA BSAFE Cert-J 6.2.4 Release Notes, in PDF, with the latest information

on Cert-J.

– RSA BSAFE Cert-J 6.2.4 Security Policy, in PDF, which describes how Cert-J

uses the Crypto-J JSAFE and JCE Software Module, and how to operate

Cert-J in a manner consistent with the requirements of the cryptographic

module.

– RSA BSAFE Crypto-C Micro Edition 4.1 Security Policy documents, Level 1

and Level 2, in PDF, which describe how the Crypto-C ME Cryptographic

Module meets the Level 1 security requirements of FIPS 140-2, the Level 2

security requirements of FIPS 140-2 for Roles, Authentication and Services,

and Level 3 security requirements for Design Assurance, and how to securely

operate it.

– RSA BSAFE Crypto-J 6.2.5 Release Notes, in PDF, with the latest information

about Crypto-J.

– RSA BSAFE Crypto-J 6.2.5 FIPS Compliance Guide, in PDF, which describes

how Crypto-J uses the Crypto-J JSAFE and JCE Software Module, and how

to operate Crypto-J in a manner consistent with the requirements of the

cryptographic module.

Page is loading ...

Dell BSAFE SSL-J Owner's manual

Dell BSAFE SSL-J Owner's manual

Dell BSAFE SSL-J Owner's manual

Related papers

Other documents