Skip to main content

SSL Renegotiation Issue Fixed in JDK1.6.0_22

Posted by kumarjayanti on November 18, 2010 at 4:46 AM PST

 GlassFish users who make use of CLIENT-CERT authentication with SSL  in their JavaEE applications  should consider upgrading to JDK1.6.0_22. The good news is that JDK1.6.0_22 contains a full fix for  the renegotiation protocol flaw in SSL (The IETF issued RFC 5746 ).  A fix which implements RFC 5746 and supports secure renegotiation.

More details are here : http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html

Related Topics >>

Comments

SSL Renegotiation Issue Fixed

Hello, could you pls take a look at this:

EJB and SSL: http://www.java.net/forum/topic/glassfish/glassfish/ejb-and-ssl-0.
This is on SJSAS 9_01 (GF 2 equivalent)

And also, in GF 3.0.1, i'm getting "Password verification failed" without even needing SSL: http://www.java.net/forum/topic/glassfish/glassfish/gf3-and-appclient-pa...

Thanks.