Dell BSAFE SSL-J Owner's manual

  • Hello! I am an AI chatbot trained to assist you with the Dell BSAFE SSL-J Owner's manual. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
December 2019 Copyright © 2019 Dell Inc. or its subsidiaries. All rights reserved. 1
Release Notes
17.12.19
RSA BSAFE
®
SSL-J 6.2.6 Release Notes
This document summarizes the features of RSA BSAFE SSL-J 6.2.6 (SSL-J). It
outlines the new features, platform information, and resolved and known issues.
Note: All SSLJ APIs are deprecated. The APIs are available for use, and will
be removed at some future time. RSA recommends replacing the SSLJ APIs
with the public JSSE API and the Certificate API in RSA BSAFE Crypto-J
(Crypto-J).
Contents:
New Features ................................................................................................... 2
Changes ............................................................................................................ 2
Related Products .............................................................................................. 2
FIPS 140-2 Status ............................................................................................ 3
Operating Environment Information .............................................................. 4
Primary Operating Environments ............................................................ 4
Secondary Operating Environments ...................................................... 7
Tested JDK Update Versions ................................................................ 10
Discontinued Platforms .......................................................................... 11
Algorithms and Key Sizes ............................................................................. 11
Interoperability ................................................................................................ 12
Cipher Suites .................................................................................................. 14
Enhancements and Resolved Issues .......................................................... 19
Known Issues ................................................................................................. 19
Documentation ............................................................................................... 20
Support and Service ...................................................................................... 22
2 New Features
RSA BSAFE SSL-J 6.2.6 Release Notes
New Features
This release of SSL-J is designed to provide the following new feature.
Added support for the standard JDK security property
jdk.certpath.disa bledAlgorit hms.
Changes
This release of SSL-J is designed to include fixes for specific issues.
For more information, see Enhancements and Resolved Issues.
Related Products
This release of SSL-J must be used with:
Crypto-J 6.2.5, which includes the FIPS 140 validated Java Cryptographic
Module (JCM).
RSA BSAFE Cert-J 6.2.4 (Cert-J) to provide access to the CertJ API objects.
Note: All CertJ APIs are deprecated. The APIs are available for use, and
will be removed at some future time. RSA recommends replacing the
CertJ APIs with the public JCE API and the Certificate API in Crypto-J.
RSA BSAFE Crypto-C Micro Edition 4.1 (Crypto-C ME) to provide native crypto
support.
Use of other versions of these products might work, but support is not guaranteed.
FIPS 140-2 Status 3
RSA BSAFE SSL-J 6.2.6 Release Notes
FIPS 140-2 Status
FIPS 140-2 (Federal Information Processing Standards Publication 140-2 - Security
Requirements for Cryptographic Modules) details the United States Government
requirements for cryptographic modules. For more information about the FIPS 140-2
standard and validation program, see the FIPS 140-2 page on the NIST Web site.
The FIPS 140-2 validated configurations of this release inherit their FIPS 140-2 status
from the RSA BSAFE Crypto-J JSAFE and JCE Software Module 6.2.5 (Crypto-J
JSAFE and JCE Software Module).
For more information, and the complete list of FIPS 140-2 tested and vendor affirmed
operating environments, and for detailed information about the Crypto-J JSAFE and
JCE Software Module and the secure operation of SSL-J, see the Security Policy
documents included with this release.
For details about the toolkit configuration and cryptographic implementation of
SSL-J, see the About the SSL-J Toolkit section of the RSA BSAFE SSL-J Installation
Guide.
4 Operating Environment Information
RSA BSAFE SSL-J 6.2.6 Release Notes
Operating Environment Information
Operating environment support for SSL-J is separated into two categories:
Primary Operating Environments: SSL-J is designed and tested to support these
operating environments at the time of release.
Secondary Operating Environments: these operating environments are not tested
with this release. These operating environments are expected to work, but support
is not guaranteed. If any issues are found, a specific request for investigation can
be made through RSA Customer Support.
Tested JDK Update Versions: lists the tested JDK update versions for the
supported primary platforms and operating systems.
Primary Operating Environments
The following table lists the platforms and operating systems supported by SSL-J at
the time of release, and details compiler information.
Table 1 Primary Operating Environment Information
Operating System
CPU
Architecture
CPU
Size
Compiler Version
Apple
®
Mac OS
®
X 10.11+
x86_64 64-bit Apple JDK 8.0
x86 32-bit
Canonical
®
Ubuntu
®
16.04 Server x86_64
64-bit
IBM
®
JDK 8.0
OpenJDK 8u
Oracle
®
JDK 8.0, 9.0.1
x86 32-bit IBM JDK 8.0
OpenJDK 8u
Oracle JDK 8.0
CentOS™ Project
CentOS 7.6 x86_64 64-bit IBM JDK 8.0
OpenJDK 8u
Oracle JDK 8.0, 9.0.1
CentOS 6.10 x86_64 64-bit IBM JDK 8.0
OpenJDK 8u
Oracle JDK 8.0, 9.0.1
FreeBSD
®
Foundation
FreeBSD 11.x x86_64 64-bit OpenJDK 8u
Operating Environment Information 5
RSA BSAFE SSL-J 6.2.6 Release Notes
Google
®
Android™ 9.0
ARM
®
v8-A 64-bit
Android SDK 28
Android 8.x ARM v8 64-bit Android SDK 26, 27
ARM v8 32-bit
ARM v7 32-bit
x86 32-bit
Android 7.x ARM v8 64-bit Android SDK 24. 25
ARM v8 32-bit
ARM v7 32-bit
x86 32-bit
IBM
AIX
®
7.2 PowerPC
®
64-bit IBM JDK 8.0
PowerPC 32-bit
Micro Focus
®
SUSE
®
Linux
®
Enterprise Server
12 SP5
1
, SP4
1
, SP3, SP2
x86_64 64-bit IBM JDK 8.0
OpenJDK 8u
Oracle JDK 8.0, 9.0.1
Microsoft
®
Windows
®
10 Enterprise
x86_64 64-bit IBM JDK 8.0
Oracle JDK 8.0, 9.0.1
Windows 8.1 Enterprise x86_64 64-bit IBM JDK 8.0
Oracle JDK 8.0, 9.0.1
Windows 7 Enterprise SP1 x86_64 64-bit IBM JDK. 8.0
Oracle JDK 8.0, 9.0.1
Windows Server 2016 x86_64 64-bit IBM JDK 8.0
Oracle JDK 8.0, 9.0.1
Windows Server 2012 R2 x86_64 64-bit IBM JDK 8.0
Oracle JDK 8.0, 9.0.1
Windows Server 2012 x86_64 64-bit IBM JDK 8.0
Oracle JDK 8.0, 9.0.1
Table 1 Primary Operating Environment Information (continued)
Operating System
CPU
Architecture
CPU
Size
Compiler Version
6 Operating Environment Information
RSA BSAFE SSL-J 6.2.6 Release Notes
Microsoft (continued)
Windows Server 2008 SP2 x86_64 64-bit IBM JDK. 8.0
Oracle JDK 8.0
Windows Server 2008
(SSLF configuration)
x86_64 64-bit IBM JDK 8.0
Oracle JDK 8.0
Oracle
Solaris
®
11 SPARC
®
v9
64-bit IBM JDK 8.0
Oracle JDK 8.0, 9.0.1
x86_64 64-bit Oracle JDK8.0
Solaris 10 SPARC v9 64-bit IBM JDK 8.0
Oracle JDK 8.0
x86_64 64-bit Oracle JDK8.0
Red Hat
®
Enterprise Linux 7.6 x86_64 64-bit IBM JDK 8.0
OpenJDK 8u
Oracle JDK 8.0, 9.0.1
1
No Native support, due to lack of support in Crypto-C ME 4.1/MES 4.1.
Your RSA software contract might not grant you the right to develop
applications on all of the supported platforms listed. Contact your RSA sales
representative for information on the development platforms covered by your
contract.
Table 1 Primary Operating Environment Information (continued)
Operating System
CPU
Architecture
CPU
Size
Compiler Version
Operating Environment Information 7
RSA BSAFE SSL-J 6.2.6 Release Notes
Secondary Operating Environments
The following table lists the secondary operating environments which are not tested
with this release, but can be requested through RSA Customer Support.
Table 2 Secondary Operating Environment Information
Operating System
CPU
Architecture
CPU
Size
JVM
Apple
Mac OS X 10.8+ x86_64 64-bit Apple JDK 7.0
x86 32-bit
Canonical
Ubuntu 16.04 Server x86_64 64-bit IBM JDK 7.0, 7.1
OpenJDK 7u
Oracle JDK 7.0
x86 32-bit IBM JDK 7.0, 7.1
OpenJDK 7u
Oracle JDK 7.0, 9.0
1
(EA)
CentOS Project
CentOS 7.6 x86_64 64-bit IBM JDK 7.0, 7.1
OpenJDK 7u
Oracle JDK 7.0
CentOS 6.9 x86_64 64-bit IBM JDK 7.0, 7.1
OpenJDK 7u
Oracle JDK 7.0
FreeBSD Foundation
FreeBSD 11.x x86_64 64-bit OpenJDK 7u
FreeBSD 10.3 x86_64 64-bit OpenJDK 7u
Google
Android 6.x ARM v8 64-bit Android SDK 23
ARM v8 32-bit
ARM v7 32-bit
x86 32-bit
Android 5.x
ARM
v7
32-bit Android SDK 21, 22
x86 32-bit
8 Operating Environment Information
RSA BSAFE SSL-J 6.2.6 Release Notes
Google (continued)
Android 4.4.x
ARM
v7
32-bit Android SDK 19
x86 32-bit
HPE
HP-UX 11.31
Itanium
®
2
64-bit HP JDK 7.0, 8.0
32-bit
IBM
AIX 7.2 PowerPC 64-bit IBM JDK 7.0, 7.1
32-bit
AIX 7.1 PowerPC 64-bit IBM JDK 7.0, 7.1, 8.0
32-bit
AIX 6.1 PowerPC 64-bit IBM JDK 7.0, 8.0
32-bit
Micro Focus
SUSE Linux Enterprise Server
11 SP4
x86_64 64-bit IBM JDK 7.0, 7.1, 8.0
OpenJDK 7u, 8u
Oracle JDK 7.0, 8.0x86 32-bit
Microsoft
Windows 10 Enterprise x86 32-bit IBM JDK.7.0, 7.1, 8.0
Oracle JDK 7.0, 8.0
Windows 8.1 Enterprise x86_64 64-bit IBM JDK.7.0, 7.1
Oracle JDK 7.0
x86 32-bit IBM JDK.7.0, 7.1, 8.0
Oracle JDK 7.0, 8.0
Windows 7 Enterprise SP1 x86_64 64-bit IBM JDK.7.0, 7.1
Oracle JDK 7.0
x86 32-bit IBM JDK.7.0, 7.1, 8.0
Oracle JDK 7.0, 8.0
Windows Server 2016 x86_64 64-bit IBM JDK.7.0, 7.1
Oracle JDK 7.0
Table 2 Secondary Operating Environment Information (continued)
Operating System
CPU
Architecture
CPU
Size
JVM
Operating Environment Information 9
RSA BSAFE SSL-J 6.2.6 Release Notes
Microsoft (continued)
Windows Server 2012 R2 x86_64 64-bit IBM JDK.7.0, 7.1
Oracle JDK 7.0
Windows Server 2012 x86_64 64-bit IBM JDK.7.0, 7.1
Oracle JDK 7.0, 9.0.1
Windows Server 2008 SP2 x86_64 64-bit IBM JDK.7.0, 7.1
Oracle JDK 7.0, 9.0.1
x86 32-bit IBM JDK.7.0, 7.1, 8.0
Oracle JDK 7.0, 8.0
Windows Server 2008
(SSLF configuration)
x86_64 64-bit IBM JDK.7.0, 7.1
Oracle JDK 7.0
x86 32-bit IBM JDK.7.0, 7.1
Oracle JDK 7.0, 9.0.1
Oracle
Solaris 11 SPARC v9 64-bit Oracle JDK 7.0
SPARC v8+ 32-bit Oracle JDK 7.0, 8.0, 9.0.1
x86_64 64-bit Oracle JDK 7.0
x86 32-bit Oracle JDK 7.0, 8.0, 9.0.1
Solaris 10 SPARC v9 64-bit Oracle JDK 7.0
SPARC v8+ 32-bit Oracle JDK 7.0, 8.0, 9.0.1
x86_64 64-bit Oracle JDK 7.0, 9.0.1
x86 32-bit Oracle JDK 7.0, 8.0, 9.0.1
Red Hat
Enterprise Linux 7.6 x86_64 64-bit IBM JDK 7.0, 7.1
OpenJDK 7u
Oracle JDK 7.0
Enterprise Linux 6.9 x86_64 64-bit IBM JDK 7.0, 7.1, 8.0
OpenJDK 7u, 8.u
Oracle JDK 7.0, 8.0x86 32-bit
1
Early Adopter
Table 2 Secondary Operating Environment Information (continued)
Operating System
CPU
Architecture
CPU
Size
JVM
10 Operating Environment Information
RSA BSAFE SSL-J 6.2.6 Release Notes
Tested JDK Update Versions
The following table lists the supported primary platforms and operating systems, with
the tested JDK update version.
Discontinued Platforms
In this release of SSL-J, RSA discontinues support for the following:
Apple Mac OSX 10.7 32-bit and 64-bit
Apple Mac OSX 10.6 32-bit and 64-bit
Canonical Ubuntu 14.04 Server 32-bit and 64-bit
Oracle JRockit 6.0.
Table 3 Tested JDK Update Versions
Operating System CPU Compiler Version
Apple
Mac OS X 10.11+
All
Apple JDK 8.0 1.8.0_121.
Canonical Ubuntu
16.04 Server
64-bit IBM JDK 1.8.0_201
OpenJDK 1.8.0_191
Oracle JDK 1.8.0_74
32-bit IBM JDK 1.8.0_201
OpenJDK 1.8.0_121
Oracle JDK 1.8.0_74
CentOS Project CentOS
64-bit IBM JDK 1.8.0_201
OpenJDK 1.8.0_191
Oracle JDK 1.8.0_74
FreeBSD Foundation
FreeBSD
64-bit OpenJDK 1.8.0_181
IBM AIX
All IBM JDK 8.0 R28_20170314_2309_B340265
Micro Focus
SUSE Linux Enterprise
Server 12
64-bit OpenJDK 1.8.0_121
Oracle JDK 1.8.0_201
Microsoft Windows
64-bit IBM JDK 1.8.0 R28_Java8_SR3_20160719_1144_B312156
Oracle JDK1.8.0_201-b09
Oracle Solaris
SPARC v9
64-bit
Oracle JDK 1.8.0_201-b09
x86_64
64-bit
Oracle JDK 1.8.0_65
Red Hat Enterprise
Linux 7
64-bit IBM JDK 1.8.0_201
OpenJDK 1.8.0_1311
Oracle JDK 1.8.0_201-b09
Algorithms and Key Sizes 11
RSA BSAFE SSL-J 6.2.6 Release Notes
In the next release of SSL-J, RSA might discontinue support for any of the Secondary
Operating Environments.
For subsequent releases of SSL-J going forward, where a vendor discontinues
mainstream support for an operating system and platform combination, RSA
discontinues support from the same date.
Algorithms and Key Sizes
For the supported algorithms and key sizes, see “Algorithms and Key Sizes” in the
RSA BSAFE Crypto-J Release Notes.
12 Interoperability
RSA BSAFE SSL-J 6.2.6 Release Notes
Interoperability
Note: Interoperability was not specifically tested for this release of SSL-J.
While it is expected that the versions of the vendor products listed in the
following tables will work with this release of SSL-J, interoperability is not
guaranteed.
SSL-J operates on the application servers on the platforms shown below:
Table 4 Application Server Interoperability
Application Server Platforms
Apache™ Tomcat™
8.5
7.0.x
Windows Server 2012 R2 x86_x64
Solaris 11 SPARC v8+
RHEL
1
AS 7.3 x86_64
1
Red Hat Enterprise Linux
IBM WebSphere
®
Application Server
8.5 Windows 7 Enterprise SP1 x86
Solaris 11 SPARC v8+
RHEL AS 7.3 x86_64
Oracle WebLogic
®
Application Server
12c Solaris 11 SPARC v8+
RHEL AS 7.3 x86_64
11g Solaris 11 SPARC v8 32-bit
RHEL AS 7.3 x86
Red Hat WildFly
®
9.x
8.x
Windows Server 2012 R2 x86_x64
Solaris 11 SPARC v8+
RHEL AS 7.3 x86_64
Red Hat JBoss
®
AS
7.x Windows Server 2012 R2 x86_x64
Solaris 11 SPARC v8+
RHEL AS 7.3 x86_64
6.x Solaris 11 SPARC v8+
RHEL AS 7.3 x86_64
Interoperability 13
RSA BSAFE SSL-J 6.2.6 Release Notes
SSL-J has been tested with Crypto-J under the following conditions:
JCE and JCE FIPS:
dynamic loading
static loading.
The following table lists the vendor products that have been tested and interoperate
with SSL-J:
Table 5 Vendor Product Interoperability
Product Version
Apple Safari
®
11.1.2
Google Chrome
®
75
SSL-J 6.2
Crypto-J 6.2.5
RSA BSAFE Micro Edition Suite 4.1 and 4.4
IBM JSSE Provider 8
Microsoft Internet Information Service 7.0 and 8.5
Microsoft Internet Explorer
®
11
Mozilla
®
Firefox
®
67
OpenSSL 0.9.8zf, 1.0.2a and 1.1.1a
Oracle JSSE Provider 8
14 Cipher Suites
RSA BSAFE SSL-J 6.2.6 Release Notes
Cipher Suites
The following table details the supported cipher suites in this release of SSL-J.
The Default column indicates whether the suite is enabled by default.
The SuiteB column indicates whether the suite is available when operating in a
Suite B mode.
The SSL and TLS columns indicate whether the suite is available when using the
relevant version of SSL or TLS.
Note: All of the listed supported cipher suites are available when operating in
FIPS140_SSL_MODE .
For a list of the deprecated cipher suites, see Deprecated Cipher Suites.
Table 6 Supported Cipher Suites
Cipher Suite Name
Default
SuiteB
SSLv3
TLSv1
TLSv1.1
TLSv1.2
TLS_DHE_DSS_WITH_AES_128_CBC_SHA Y N Y Y Y Y
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 Y N N N N Y
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 Y N N N N Y
TLS_DHE_DSS_WITH_AES_256_CBC_SHA Y N Y Y Y Y
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Y N N N N Y
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Y N N N N Y
TLS_DHE_RSA_WITH_AES_128_CBC_SHA Y N Y Y Y Y
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 Y N N N N Y
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 Y N N N N Y
TLS_DHE_RSA_WITH_AES_256_CBC_SHA Y N Y Y Y Y
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Y N N N N Y
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Y N N N N Y
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Y Y N Y Y Y
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 Y Y N N N Y
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Y Y N N N Y
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Y Y N Y Y Y
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Y Y N N N Y
Cipher Suites 15
RSA BSAFE SSL-J 6.2.6 Release Notes
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Y Y N N N Y
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Y N N Y Y Y
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Y N N N N Y
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Y N N N N Y
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Y N N Y Y Y
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Y N N N N Y
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Y N N N N Y
TLS_RSA_WITH_AES_128_CBC_SHA Y N Y Y Y Y
TLS_RSA_WITH_AES_128_CBC_SHA256 Y N N N N Y
TLS_RSA_WITH_AES_128_GCM_SHA256 Y N N N N Y
TLS_RSA_WITH_AES_256_CBC_SHA Y N Y Y Y Y
TLS_RSA_WITH_AES_256_CBC_SHA256 Y N N N N Y
TLS_RSA_WITH_AES_256_GCM_SHA384 Y N N N N Y
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA N NYY Y Y
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA N NYY Y Y
SSL_RSA_WITH_3DES_EDE_CBC_SHA N NYY Y Y
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA N NNY Y Y
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA N NNY Y Y
TLS_PSK_WITH_AES_128_GCM_SHA256 N NNN N Y
TLS_PSK_WITH_AES_256_CBC_SHA N NNY Y Y
TLS_PSK_WITH_AES_256_GCM_SHA384 N NNN N Y
Table 6 Supported Cipher Suites
Cipher Suite Name
Default
SuiteB
SSLv3
TLSv1
TLSv1.1
TLSv1.2
16 Cipher Suites
RSA BSAFE SSL-J 6.2.6 Release Notes
The following table details the supported cipher suites in this release of SSL-J which
have been deprecated and will be removed at some future time.
The FIPS column indicates whether the suite is available when operating in
FIPS140_SSL_MODE .
The SuiteB column indicates whether the suite is available when operating in a
Suite B mode.
The SSL and TLS columns indicate whether the suite is available when using the
relevant version of SSL or TLS.
Note: None of the deprecated cipher suites is enabled by default.
Table 7 Deprecated Cipher Suites
Cipher Suite Name
FIPS
SuiteB
SSLv3
TLSv1
TLSv1.1
TLSv1.2
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA Y N Y Y Y Y
SSL_DH_anon_WITH_DES_CBC_SHA N N Y Y N N
SSL_DH_anon_WITH_RC4_128_MD5 N N Y Y N N
SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Y N Y Y Y Y
SSL_DH_DSS_WITH_DES_CBC_SHA N N Y Y N N
SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Y N Y Y Y Y
SSL_DH_RSA_WITH_DES_CBC_SHA N N Y Y N N
SSL_DHE_DSS_WITH_DES_CBC_SHA N N Y Y N N
SSL_DHE_RSA_WITH_DES_CBC_SHA N N Y Y N N
SSL_NULL_WITH_NULL_NULL N N N N N N
SSL_RSA_WITH_DES_CBC_SHA N N Y Y N N
SSL_RSA_WITH_NULL_MD5 N N Y Y Y N
SSL_RSA_WITH_NULL_SHA Y N Y Y Y Y
SSL_RSA_WITH_RC4_128_MD5 N N Y Y N N
SSL_RSA_WITH_RC4_128_SHA N N Y Y N N
TLS_DH_anon_WITH_AES_128_CBC_SHA Y N Y Y Y Y
TLS_DH_anon_WITH_AES_128_CBC_SHA256 Y N N N N Y
TLS_DH_anon_WITH_AES_128_GCM_SHA256 Y N N N N Y
TLS_DH_anon_WITH_AES_256_CBC_SHA Y N Y Y Y Y
Cipher Suites 17
RSA BSAFE SSL-J 6.2.6 Release Notes
TLS_DH_anon_WITH_AES_256_CBC_SHA256 Y N N N N Y
TLS_DH_anon_WITH_AES_256_GCM_SHA384 Y N N N N Y
TLS_DH_DSS_WITH_AES_128_CBC_SHA Y N Y Y Y Y
TLS_DH_DSS_WITH_AES_128_CBC_SHA256 Y N N N N Y
TLS_DH_DSS_WITH_AES_128_GCM_SHA256 Y N N N N Y
TLS_DH_DSS_WITH_AES_256_CBC_SHA Y N Y Y Y Y
TLS_DH_DSS_WITH_AES_256_CBC_SHA256 Y N N N N Y
TLS_DH_DSS_WITH_AES_256_GCM_SHA384 Y N N N N Y
TLS_DH_RSA_WITH_AES_128_CBC_SHA Y N Y Y Y Y
TLS_DH_RSA_WITH_AES_128_CBC_SHA256 Y N N N N Y
TLS_DH_RSA_WITH_AES_128_GCM_SHA256 Y N N N N Y
TLS_DH_RSA_WITH_AES_256_CBC_SHA Y N Y Y Y Y
TLS_DH_RSA_WITH_AES_256_CBC_SHA256 Y N N N N Y
TLS_DH_RSA_WITH_AES_256_GCM_SHA384 Y N N N N Y
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA Y N N Y Y Y
TLS_ECDH_anon_WITH_AES_128_CBC_SHA Y N N Y Y Y
TLS_ECDH_anon_WITH_AES_256_CBC_SHA Y N N Y Y Y
TLS_ECDH_anon_WITH_NULL_SHA Y N N Y Y Y
TLS_ECDH_anon_WITH_RC4_128_SHA N N N Y N N
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA Y N N Y Y Y
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA Y N N Y Y Y
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 Y N N N N Y
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 Y N N N N Y
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Y N N Y Y Y
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Y N N N N Y
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Y N N N N Y
TLS_ECDH_ECDSA_WITH_NULL_SHA Y N N Y Y Y
Table 7 Deprecated Cipher Suites
Cipher Suite Name
FIPS
SuiteB
SSLv3
TLSv1
TLSv1.1
TLSv1.2
18 Cipher Suites
RSA BSAFE SSL-J 6.2.6 Release Notes
TLS_ECDH_ECDSA_WITH_RC4_128_SHA N N N Y N N
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA Y N N Y Y Y
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA Y N N Y Y Y
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 Y N N N N Y
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 Y N N N N Y
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Y N N Y Y Y
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Y N N N N Y
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Y N N N N Y
TLS_ECDH_RSA_WITH_NULL_SHA Y N N Y Y Y
TLS_ECDH_RSA_WITH_RC4_128_SHA N N N Y N N
TLS_ECDHE_ECDSA_WITH_NULL_SHA Y N N Y Y Y
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA N N N Y N N
TLS_ECDHE_RSA_WITH_NULL_SHA Y N N Y Y Y
TLS_ECDHE_RSA_WITH_RC4_128_SHA N N N Y N N
TLS_RSA_WITH_NULL_SHA256 Y N N N N Y
Table 7 Deprecated Cipher Suites
Cipher Suite Name
FIPS
SuiteB
SSLv3
TLSv1
TLSv1.1
TLSv1.2
Enhancements and Resolved Issues 19
RSA BSAFE SSL-J 6.2.6 Release Notes
Enhancements and Resolved Issues
The following table lists the enhancements and resolved issues in this release of
SSL-J:
Known Issues
The following table lists the known issues in this release of SSL-J.
Table 8 Enhancements and Resolved Issue in SSL-J 6.2.6
ID Description
BSFSSLJ-504 Add support for JDK properties to configure the CertPath algorithm.
BSFSSLJ-464 Implement
X509ExtendedTrustManager.
Table 9 Known Issues
ID Description
BSFSSLJ-506 Sample Cert Revocation sample data must be updated.
BSFSSLJ-392
SSLContextImpl.engineInit() incorrectly processes the
trustManagers parameter.
BSFSSLJ-262 TLS clients do not support
ECDSA_sign client authentication for ECDH
cipher suites.
BSFSSLJ-261 TLS v1.1 server sends a certificate carrying a fixed DH key signed with
DSA for a DH_RSA cipher suite.
BSFSSLJ-240 Incorrect server certificate returned for TLSv1.2 when client does not send
a signature algorithm TLS extension.
20 Documentation
RSA BSAFE SSL-J 6.2.6 Release Notes
Documentation
The SSL-J documentation suite includes:
This document, the RSA BSAFE SSL-J Release Notes, in Portable Document
Format (PDF), with the latest information on SSL-J.
RSA BSAFE SSL-J Installation Guide, in PDF, with instructions on how to install
and build SSL-J.
RSA BSAFE SSL-J Security Best Practices Guide, in PDF, that provides security
best practice recommendations and an overview of security configuration settings
available in SSL-J to help secure operations across a range of scenarios.
RSA BSAFE SSL-J Security Policy, in PDF, that describes how SSL-J uses the
Crypto-J JSAFE and JCE Software Module, and how to operate SSL-J in a
manner consistent with the requirements of the cryptographic module.
RSA BSAFE SSL-J Third-Party Licenses, in PDF, with license details for the
third-party software products used with SSL-J.
RSA BSAFE SSL-J Troubleshooting Guide, in PDF, that provides information and
instructions for troubleshooting common issues with SSL-J.
RSA BSAFE SSL-J Developers Guide, in HTML format, with information on how
to build SSL security into applications.
The following Javadocs, in HTML format, provide Java API reference
information:
RSA BSAFE SSLJ Javadoc
RSA BSAFE JSSE Javadoc.
Related product documentation consisting of:
RSA BSAFE Cert-J 6.2.4 Release Notes, in PDF, with the latest information
on Cert-J.
RSA BSAFE Cert-J 6.2.4 Security Policy, in PDF, which describes how Cert-J
uses the Crypto-J JSAFE and JCE Software Module, and how to operate
Cert-J in a manner consistent with the requirements of the cryptographic
module.
RSA BSAFE Crypto-C Micro Edition 4.1 Security Policy documents, Level 1
and Level 2, in PDF, which describe how the Crypto-C ME Cryptographic
Module meets the Level 1 security requirements of FIPS 140-2, the Level 2
security requirements of FIPS 140-2 for Roles, Authentication and Services,
and Level 3 security requirements for Design Assurance, and how to securely
operate it.
RSA BSAFE Crypto-J 6.2.5 Release Notes, in PDF, with the latest information
about Crypto-J.
RSA BSAFE Crypto-J 6.2.5 FIPS Compliance Guide, in PDF, which describes
how Crypto-J uses the Crypto-J JSAFE and JCE Software Module, and how
to operate Crypto-J in a manner consistent with the requirements of the
cryptographic module.
/