IBM SDK, Java Technology Edition, Version 7 Service Refresh 1

News


Abstract

IBM SDK, Java Technology Edition, Version 7 Service Refresh 1 general availability.

Content

Service refresh 1 is now available on developerWorks and contains a number of enhancements to the Version 7 code base:

  • Security support for the requirements as defined by National Institute of Standards and Technology (NIST) Special Publications 800-131a
  • Ability to switch on verbose garbage collection logging with an IBM JVMTI extension
  • Ability to use the JVMTI ClassFileLoadHook with cached classes
  • Diagnostic improvements, including the ability to use the dump viewer in batch mode, and the ability to remove dump agents by event type
  • Support for security vulnerabilities
  • Support for later web browser releases, such as Internet Explorer 9 and Mozilla Firefox 7.0

The following changes to default settings apply to service refresh 1:


NIST SP800-131a compliance

SP800-131a compliance requires the use of stronger cryptographic keys and more robust algorithms. This new standard defines how cryptographic algorithms and key lengths must be transitioned to the new levels required by the end of 2013. For more information about NIST SP800-131a, see Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths.
From service refresh 1, default key lengths are increased for the Digital Signature Algorithm (DSA), the Diffie-Hellman Algorithm (DH), the RSA Algorithm (RSA), and the Elliptic Curve Algorithms (ECDSA) to conform to the NIST 800-131A recommendations. The default value is used when no other value is specified. The changes to the default values are listed in the table:

Algorithm Old default value New default value
RSA 1024 2048
DSA/DH 1024 2048
ECDSA 192 256
Table 1: Changes to default values for algorithm key lengths

Fixes are provided for security vulnerabilities, including:
  • Browser Exploit Against SSL/TLS (BEAST) security vulnerability, CVE-2011-3389
  • SocketFactory vulnerability, CVE-2011-3560

If you have Java applications or applets with a legitimate need to set a particular SSLSocketFactory, you must make the following change after applying the fix:
  • Update the Java security java.policy file to include the "setFactory" permission, if it is not already there. Use java.lang.RuntimePermission("setFactory").

Further information about these fixes can be found in the IBM JSSE2 Reference Guide.


Change to the default Java heap size on the Windows JVM

If you do not specify the maximum Java heap size with the -Xmx option, the value chosen is half the available memory. The minimum value is 16 MB, and the maximum value is 512 MB.

Changes to locale translation files

Changes are made to the locale translation files to make them consistent with Oracle JDK 7. The same changes were also applied to the IBM SDK, Java Technology Edition, Version 6 for consistency with Oracle JDK 6. To understand the differences in detail, see this support document for Java 6: http://www.ibm.com/support/docview.wss?uid=swg21568667.

Change to default encoding for AIX ja_JP locale

The AIX V7.1 and AIX V6.1 TL 6100-06 releases extend the NEC-selected character support to the IBM-eucJP code set used for the AIX ja_JP locale. From IBM SDK, Java Technology Edition, Version 7 Service Refresh 1, converters IBM29626 and IBM29626C are added to support these changes. The default encoding for the AIX ja_JP.IBM-eucJP locale is changed from x-IBM33722C to x-IBM29626C.

Rate this page:

(0 users)Average rating

Document information


More support for:

Runtimes for Java Technology
Java SDK

Software version:

7.0

Operating system(s):

AIX, Linux, Linux zSeries, Solaris, Windows, z/OS

Software edition:

J2SE

Reference #:

1592639

Modified date:

2014-02-25

Translate my page

Machine Translation

Content navigation