Hello, Recently I've been working on Java application for sending some request via http/https, and site openlibrary.org, which uses TLS_DHE_RSA_WITH_AES_128_CBC_SHA cipher, cannot be processed with Java 6 entirely and Java 7/8 up to some update (1.7.0_21 and 1.8.0_5, as I know, but I'm pretty sure that this is not only Java problem), here is link - http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6521495 .
I've tried to use different from Oracle's JCE (such as Bouncy Castle - https://www.bouncycastle.org/), and for all cipher expect one mentioned above this provider fixes problem with key's length restrictions ( http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6521495 ). I've also tried change security policy, but the problem is connected with this specific cipher (DHE_RSA family's cipher are still using Oracle's code to generate keypairs in spite of selected security provider). So my request is: can site change SSL cipher algorithm from TLS_DHE_RSA_WITH_AES_128_CBC_SHA to, for example, more robust elliptic curve-based TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256? For me migration to Java 8 would be a solution, but right now I'm stuck with Java 6. I think many Java developers would be very happy if this request will be accepted. Thank you, Alex
_______________________________________________ Ol-tech mailing list [email protected] http://mail.archive.org/cgi-bin/mailman/listinfo/ol-tech Archives: http://www.mail-archive.com/[email protected]/ To unsubscribe from this mailing list, send email to [email protected]
