IBM SDK, Java Technology Edition, Version 7 Service Refresh 1 general availability.
Service refresh 1 is now available on developerWorks and contains a number of enhancements to the Version 7 code base:
- Security support for the requirements as defined by National Institute of Standards and Technology (NIST) Special Publications 800-131a
- Ability to switch on verbose garbage collection logging with an IBM JVMTI extension
- Ability to use the JVMTI ClassFileLoadHook with cached classes
- Diagnostic improvements, including the ability to use the dump viewer in batch mode, and the ability to remove dump agents by event type
- Support for security vulnerabilities
- Support for later web browser releases, such as Internet Explorer 9 and Mozilla Firefox 7.0
The following changes to default settings apply to service refresh 1:
- Change to the default Java heap size for the Windows JVM
- Changes to locale translation files
- Change to default encoding for AIX ja_JP locale
NIST SP800-131a compliance
SP800-131a compliance requires the use of stronger cryptographic keys and more robust algorithms. This new standard defines how cryptographic algorithms and key lengths must be transitioned to the new levels required by the end of 2013. For more information about NIST SP800-131a, see Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths.
From service refresh 1, default key lengths are increased for the Digital Signature Algorithm (DSA), the Diffie-Hellman Algorithm (DH), the RSA Algorithm (RSA), and the Elliptic Curve Algorithms (ECDSA) to conform to the NIST 800-131A recommendations. The default value is used when no other value is specified. The changes to the default values are listed in the table:
|Algorithm||Old default value||New default value|
Fixes are provided for security vulnerabilities, including:
- Browser Exploit Against SSL/TLS (BEAST) security vulnerability, CVE-2011-3389
- SocketFactory vulnerability, CVE-2011-3560
If you have Java applications or applets with a legitimate need to set a particular SSLSocketFactory, you must make the following change after applying the fix:
- Update the Java security java.policy file to include the "setFactory" permission, if it is not already there. Use java.lang.RuntimePermission("setFactory").
Further information about these fixes can be found in the IBM JSSE2 Reference Guide.
Change to the default Java heap size on the Windows JVM
If you do not specify the maximum Java heap size with the -Xmx option, the value chosen is half the available memory. The minimum value is 16 MB, and the maximum value is 512 MB.
Changes to locale translation files
Changes are made to the locale translation files to make them consistent with Oracle JDK 7. The same changes were also applied to the IBM SDK, Java Technology Edition, Version 6 for consistency with Oracle JDK 6. To understand the differences in detail, see this support document for Java 6: http://www.ibm.com/support/docview.wss?uid=swg21568667.
Change to default encoding for AIX ja_JP locale
The AIX V7.1 and AIX V6.1 TL 6100-06 releases extend the NEC-selected character support to the IBM-eucJP code set used for the AIX ja_JP locale. From IBM SDK, Java Technology Edition, Version 7 Service Refresh 1, converters IBM29626 and IBM29626C are added to support these changes. The default encoding for the AIX ja_JP.IBM-eucJP locale is changed from x-IBM33722C to x-IBM29626C.