Dell BSAFE SSL-J 7.2 Release Advisory

Summary: Dell BSAFE SSL-J 7.2 is now available. This release integrates Dell BSAFE Crypto Module for Java 7.0 as its underlying FIPS 140-3 provider.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

Initially published on December 20, 2023.

Announcement

The Dell BSAFE Product Team announces the release and general availability of Dell BSAFE SSL-J 7.2. This release integrates Dell BSAFE Crypto-J 7.0, with Dell BSAFE Crypto Module for Java 7.0 as its underlying FIPS 140-3 provider *.

This release does not address any security issue. The following describes the major changes.

The default TLS cipher suite list has been updated to remove cipher suites using SHA-1 signatures, AES-CBC for encryption or DHE for key agreement.

SSL-J 7.2 ships with and integrates BSAFE Crypto-J 7.0 and has also been tested to work with Crypto-J 6.2.6.1 and 6.3.

Initial support for Java 17, using OpenJDK 17, has been added. Crypto-J has not been individually tested with Java 17. Please report any issue you may run into.

Support for the following JDK and proprietary properties have been added. Some were added in SSL-J 7.1.1:
  • jdk.tls.client.enableCAExtension
  • jdk.tls.server.protocols
  • jdk.tls.client.protocols
  • jdk.tls.client.cipherSuites
  • jdk.tls.server.cipherSuites
  • com.rsa.ssl.eku.required
  • com.rsa.ssl.eku.ignoreAnyExtendedKeyUsage
  • com.rsa.ssl.allowNullClientAlias
  • com.rsa.ssl.allowNonMatchingCACert
  • jdk.tls.ephemeralDHKeySize
Support and implementation for the following proprietary property has been removed:
  • com.rsa.jsse.FIPS140Role
Maximum DH key size support has been increased from 4096-bit to 8192-bit.

Partial implementation for Application Layer Protocol Negotiation (ALPN) has been added.

Support PKIX alias for KeyManagerFactory to use X.509 credentials, used as the following: 
KeyManagerFactory.getInstance("PKIX", jsseProvider);


And some other bugfixes were done. For the complete list of resolved issues, see the Release Notes.

For BSAFE downloads, documentation and more, contact Dell Support.

---
* At time of initial publication of this release advisory, Dell BSAFE Crypto Module for Java 7.0 was on NIST Cryptographic Module Validation Program's Module In Process list with a status of "In Review" since December 23, 2022.

Affected Products

BSAFE SSL-J
Article Properties
Article Number: 000220635
Article Type: How To
Last Modified: 20 Dec 2023
Version:  2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.