Java SE 7 vs 8 TLS SSL Cipher Support

Recent news from Oracle indicates that free public support (bug fixes and security updates) will currently only be provided for Java SE 8.x (as of May 2016). This is a smart move for Oracle for many reasons – one being an attempt to force users and developers to migrate away from old vulnerable versions of Java (the java plugin is a top malware target). Unfortunately, Oracle is still not providing a free capability to automatically update Java client installs to the latest security fix release.

Another huge reason to migrate ALL servers and client systems to the latest Java 8.x release – TLS and SSL cipher support compatibility. Recent industry migrations to new cipher suites and newer TLS versions are increasing security for Internet communications, but this is causing difficult-to-troubleshoot compatibility issues for Java 7.x and older which don’t ship with default support for the newer server ciphers and may leave newer TLS versions disabled.

Moral of the story … upgrade ALL your server and client Java installs to Java SE 8.x – the sooner the better. If you’re having trouble connecting with a Java client or server program, double-check which version of Java is being used – all clients and servers should be running 8.x for your best chances of security compliance and cipher/TLS compatibility.

For some technical details on cipher and TLS default support with each Java SE version along with troubleshooting tips, see the following Oracle article: Diagnosing TLS, SSL, and HTTPS. Good luck with your Java SE TLS/SSL tasks!

Advertisements

About notesbytom

Keeping technology notes on WordPress.com to free up my mind to solve new problems rather than figuring out the same ones repeatedly :-).
This entry was posted in System Administration and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s