
Logjam security vulnerability CVE-2015-4000

DH and DHE cipher suites expose a potential weakness that relates to the Logjam security vulnerability. This vulnerability is addressed in service refresh 1 fix pack 1.

The Logjam security vulnerability describes a weakness in Transport Layer Security (TLS) protocol versions 1.2 and earlier, caused by the failure to properly convey a DHE_EXPORT cipher suite choice. This specific issue does not affect IBM® SDK, Java™ Technology Edition, because DHE_EXPORT cipher suites are disabled by default. However, the Logjam vulnerability does affect DH and DHE cipher suites: the server can send a weak DH key, which is then subject to a man-in-the-middle attack. To mitigate this exposure, weak DH keys are disabled at the client by specifying the minimum key size that the client will accept.

By default, the client rejects DH keys that are smaller than 768 bits, through the following entry in the java.security file:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768

As of service refresh 1 fix pack 10: if the java.security file does not specify DH keySize < 768 for the jdk.tls.disabledAlgorithms property, IBMJSSE2 applies a default minimum DH key size of 768 bits. However, if the java.security file already contains a DH key size entry for jdk.tls.disabledAlgorithms, IBMJSSE2 does not override it, so an explicitly configured value (whether larger or smaller) is the one that takes effect.
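The following Java program is an added example, not code from the IBM SDK or this page. It reads the live jdk.tls.disabledAlgorithms security property, parses it for a DH keySize constraint in the format shown above, and reports the effective minimum DH key size that the client will accept, falling back to the 768-bit default described above when no DH entry is present. The class name, the helper method names and the sample property values are constructed for this example; the parser is deliberately simplified and only recognises the "DH keySize < N" form, not the full grammar of the property.

```java
import java.security.Security;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class DhMinKeySizeCheck {

    // Documented IBMJSSE2 fallback applied when no DH keySize entry is configured.
    static final int DEFAULT_MIN_DH_KEY_SIZE = 768;

    // Simplified matcher for entries of the form "DH keySize < N" (assumption:
    // only this form is handled; other constraint syntaxes are ignored).
    private static final Pattern DH_KEYSIZE =
        Pattern.compile("^DH\\s+keySize\\s*<\\s*(\\d+)$", Pattern.CASE_INSENSITIVE);

    /**
     * Returns the smallest DH key size (in bits) the client will accept for a
     * given jdk.tls.disabledAlgorithms value. "DH keySize < N" disables keys
     * smaller than N, so N itself is the minimum accepted size.
     */
    static int effectiveMinDhKeySize(String disabledAlgorithms) {
        if (disabledAlgorithms == null) {
            return DEFAULT_MIN_DH_KEY_SIZE;
        }
        for (String entry : disabledAlgorithms.split(",")) {
            Matcher m = DH_KEYSIZE.matcher(entry.trim());
            if (m.matches()) {
                // An explicit entry is honoured as-is; IBMJSSE2 does not override it.
                return Integer.parseInt(m.group(1));
            }
        }
        return DEFAULT_MIN_DH_KEY_SIZE;
    }

    /** True if a server-supplied DH key of the given size would be accepted. */
    static boolean isDhKeyAccepted(int keySizeBits, String disabledAlgorithms) {
        return keySizeBits >= effectiveMinDhKeySize(disabledAlgorithms);
    }

    public static void main(String[] args) {
        // The value the running JVM actually uses (from java.security, or a
        // programmatic Security.setProperty call made earlier in the process).
        String live = Security.getProperty("jdk.tls.disabledAlgorithms");
        System.out.println("jdk.tls.disabledAlgorithms = " + live);
        System.out.println("effective minimum DH key size = "
            + effectiveMinDhKeySize(live) + " bits");

        // Constructed sample values illustrating the three cases from the text.
        String pageDefault = "SSLv3, RC4, DH keySize < 768";   // the documented default
        String tightened   = "SSLv3, RC4, DH keySize < 1024";  // an administrator-raised floor
        String noDhEntry   = "SSLv3, RC4";                     // fallback to 768 applies

        System.out.println("default entry  -> min " + effectiveMinDhKeySize(pageDefault));
        System.out.println("1024-bit entry -> min " + effectiveMinDhKeySize(tightened));
        System.out.println("no DH entry    -> min " + effectiveMinDhKeySize(noDhEntry));

        // A 512-bit export-grade DH key is rejected under every one of these settings,
        // whereas a 1024-bit key is accepted by the default but not below 1024 when raised.
        System.out.println("512-bit key accepted under default?  "
            + isDhKeyAccepted(512, pageDefault));    // false
        System.out.println("1024-bit key accepted under default? "
            + isDhKeyAccepted(1024, pageDefault));   // true
        System.out.println("768-bit key accepted when raised?    "
            + isDhKeyAccepted(768, tightened));      // false
    }
}
```

Run this with the SDK whose java.security you want to audit; the first two lines of output tell you whether the fix-pack default or an explicit entry is governing the DH floor on that installation. Because IBMJSSE2 honours an existing DH entry without overriding it, a deployment that has locally edited jdk.tls.disabledAlgorithms should be checked this way rather than assumed to have picked up the 768-bit default.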

When FIPS mode is enabled in the IBMJSSE2 provider by setting com.ibm.jsse2.usefipsprovider=true, a 2048-bit DH key is used on the server side.

Note: ECDH and ECDHE cipher suites are not affected by the Logjam vulnerability.