IBM SDK, Java Technology Edition, Version 6 Service Refresh 7 general availability.
Service refresh 7 is now available on developerWorks® and contains a number of enhancements to the SDK V6 code base:
- Incorporates improvements to the Javadump capability
- Integrates Sun Java 6 Update 17
- Includes unique security functions and support for z/OS®
- Improves monitoring of the Java Virtual Machine (JVM) using MXBean technology
- Improves application performance on the AIX® Power platform
- Includes a Java Secure Socket Extensions (JSSE) PTF for Transport Layer Security (TLS)
The service refresh also fixes a number of defects with the SDK.
Visit http://www.ibm.com/developerworks/java/jdk/index.html to download the service refresh for your platform.
By default, Javadumps now contain native stack traces for all threads on AIX, Linux®, and 32-bit Windows®. Each native thread is paired with the corresponding Java thread, if one exists. For further information about Javadumps, including how to disable this new feature, see the Java 6 Diagnostics Guide.
z/OS security enhancements
For the z/OS distributions of SDK V6 SR7, new security functions and support are provided, including:
- Support to the IBMJCECCA provider for symmetric key storage in the ICSF CKDS repository.
- Support to the IBMJCECCA and IBMJCE providers so that you can use a PCICC private key with a RACF® keystore. You can create the PCICC private key using the RACF RACDCERT command with a parameter of PCICC.
- Improved methods for configuring new installations and service upgrades when using the IBMJCECCA provider. You no longer need to install the unrestricted jurisdiction policy files because the process uses the restricted jurisdiction policy files that are installed by default.
- Support to the IBMJCECCA provider for wrapping hardware-based clear symmetric encryption keys using the RSA algorithm, which creates key-encrypting keys.
- Support to the IBMJCECCA provider and hwkeytool utility program to delete PKDS keys by label, using ICSF.
Monitoring using MXBean technology
MBeans and MXBeans are used to provide information about the state of the Java Virtual Machine (JVM). Monitoring tools, such as JConsole, can reference the data in MXBeans and present this data for analysis. Java 6 service refresh 7 includes new GarbageCollector beans that provide data for Java heap management, including nursery and tenured heap values. Additionally, the OperatingSystem bean includes new properties to monitor memory size and CPU consumption. For more information about using JConsole to monitor these values, see the Java 6 Diagnostics Guide.
AIX default page size
On AIX POWER® systems the Java heap is now allocated with 64K pages by default, instead of 4K pages, which improves application throughput and startup performance. However, this change causes a slight increase in the amount of memory used by each pthread. If memory usage is critical to your application, you can revert to the behavior of Java 6 SR6 by following the steps described in the tuning section of the readme file. These instructions can also be found in the User Guide: http://publib.boulder.ibm.com/infocenter/javasdk/v6r0/topic/com.ibm.java.doc.user.aix32.60/user/limitations.html.
Transport Layer Security (TLS) handshake renegotiation
A recently discovered weakness in the TLS and SSL v3 protocols affects all customers using products that rely on Secure Sockets Layer v3 (SSLv3) or any version of Transport Layer Security (TLS) to secure communications between a client and a server, or between servers.
IBM Java Secure Socket Extensions (JSSE) includes TLS support. If your Java application uses JSSE for secure communication, you can disable TLS renegotiation by installing the PTF for APAR IZ65239. After you install the JSSE PTF for APAR IZ65239, the following property is added:
com.ibm.jsse2.renegotiate=[ALL | NONE | ABBREVIATED]
- ALL: allow both abbreviated and unabbreviated (full) renegotiation handshakes.
- NONE: allow no renegotiation handshakes. This option is the new default setting.
- ABBREVIATED: allow only abbreviated renegotiation handshakes.
For more information about the TLS handshake renegotiation security vulnerability, see Transport Layer Security (TLS) handshake renegotiation weak security CVE-2009-3555 relative to the IBM SDK for Java.
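The following shell check is an added example, not part of IBM's announcement or code: it reads a JVM command line and reports the effective com.ibm.jsse2.renegotiate value for a configuration review. It assumes that the PTF is installed (so an absent property means NONE), that the last of any repeated -D options wins, and that values are case-sensitive; the sample command lines are constructed.

```shell
#!/bin/sh
# Added example: report the effective com.ibm.jsse2.renegotiate setting
# for a JVM command line. Not IBM code.
PROP='com.ibm.jsse2.renegotiate'

# Print ALL, NONE, ABBREVIATED or INVALID for the command line in $1.
# Assumptions: the PTF is installed, so an absent property means NONE;
# when -D is repeated the last occurrence wins; values are case-sensitive.
renegotiate_policy() (
    set -f                      # no glob expansion of args such as lib/*
    value=NONE
    for arg in $1; do           # intentional split on whitespace
        case "$arg" in
            -D"$PROP"=*) value=${arg#*=} ;;
        esac
    done
    case "$value" in
        ALL|NONE|ABBREVIATED) printf '%s\n' "$value" ;;
        *) printf 'INVALID\n' ;;
    esac
)

# Map the setting to a verdict for a configuration review.
audit_cmdline() {
    case "$(renegotiate_policy "$1")" in
        NONE)        echo ok ;;       # no renegotiation handshakes
        ABBREVIATED) echo review ;;   # abbreviated handshakes still allowed
        ALL)         echo flag ;;     # full renegotiation re-enabled
        *)           echo invalid ;;  # not one of the three documented values
    esac
}

# Constructed sample command lines (not taken from any real system).
while IFS= read -r line; do
    printf '%-8s %s\n' "$(audit_cmdline "$line")" "$line"
done <<'EOF'
java -jar app.jar
java -Dcom.ibm.jsse2.renegotiate=ALL -jar app.jar
java -Dcom.ibm.jsse2.renegotiate=ALL -Dcom.ibm.jsse2.renegotiate=ABBREVIATED -cp lib/* Main
java -Dcom.ibm.jsse2.renegotiate=all -jar app.jar
EOF
```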
For a list of defects that are fixed by this service refresh, see:
32-bit fixes list: http://www.ibm.com/developerworks/java/jdk/aix/j632/Java6.fixes.html
64-bit fixes list: http://www.ibm.com/developerworks/java/jdk/aix/j664/Java6_64.fixes.html
Note: Although the links provided are for AIX, the list of defects applies to all platforms.