Dell BSAFE SSL-J 7.2 Release Advisory

Summary: Dell BSAFE SSL-J 7.2 is now available. This release integrates Dell BSAFE Crypto Module for Java 7.0 as its underlying FIPS 140-3 provider.

Acest articol se aplică pentru Acest articol nu se aplică pentru Acest articol nu este legat de un produs specific. Acest articol nu acoperă toate versiunile de produs existente.
Consultați alte resurse

Instructions

Initially published on December 20, 2023.

Announcement

The Dell BSAFE Product Team announces the release and general availability of Dell BSAFE SSL-J 7.2. This release integrates Dell BSAFE Crypto-J 7.0, with Dell BSAFE Crypto Module for Java 7.0 as its underlying FIPS 140-3 provider *.

This release does not address any security issue. The following describes the major changes.

The default TLS cipher suite list has been updated to remove cipher suites using SHA-1 signatures, AES-CBC for encryption or DHE for key agreement.

SSL-J 7.2 ships with and integrates BSAFE Crypto-J 7.0 and has also been tested to work with Crypto-J 6.2.6.1 and 6.3.

Initial support for Java 17, using OpenJDK 17, has been added. Crypto-J has not been individually tested with Java 17. Please report any issue you may run into.

Support for the following JDK and proprietary properties have been added. Some were added in SSL-J 7.1.1:
  • jdk.tls.client.enableCAExtension
  • jdk.tls.server.protocols
  • jdk.tls.client.protocols
  • jdk.tls.client.cipherSuites
  • jdk.tls.server.cipherSuites
  • com.rsa.ssl.eku.required
  • com.rsa.ssl.eku.ignoreAnyExtendedKeyUsage
  • com.rsa.ssl.allowNullClientAlias
  • com.rsa.ssl.allowNonMatchingCACert
  • jdk.tls.ephemeralDHKeySize
Support and implementation for the following proprietary property has been removed:
  • com.rsa.jsse.FIPS140Role
Maximum DH key size support has been increased from 4096-bit to 8192-bit.

Partial implementation for Application Layer Protocol Negotiation (ALPN) has been added.

Support PKIX alias for KeyManagerFactory to use X.509 credentials, used as the following: 
KeyManagerFactory.getInstance("PKIX", jsseProvider);


And some other bugfixes were done. For the complete list of resolved issues, see the Release Notes.

For BSAFE downloads, documentation and more, contact Dell Support.

---
* At time of initial publication of this release advisory, Dell BSAFE Crypto Module for Java 7.0 was on NIST Cryptographic Module Validation Program's Module In Process list with a status of "In Review" since December 23, 2022.

Produse afectate

BSAFE SSL-J
Proprietăți articol
Article Number: 000220635
Article Type: How To
Ultima modificare: 20 dec. 2023
Version:  2
Găsiți răspunsuri la întrebările dvs. de la alți utilizatori Dell
Servicii de asistență
Verificați dacă dispozitivul dvs. este acoperit de serviciile de asistență.