Initially published on December 20, 2023.
Announcement
The Dell BSAFE Product Team announces the release and general availability of
Dell BSAFE SSL-J 7.2. This release integrates
Dell BSAFE Crypto-J 7.0, with
Dell BSAFE Crypto Module for Java 7.0 as its underlying FIPS 140-3 provider
*.
This release does not address any security issue. The following describes the major changes.
The default TLS cipher suite list has been updated to remove cipher suites using SHA-1 signatures, AES-CBC for encryption or DHE for key agreement.
SSL-J 7.2 ships with and integrates BSAFE Crypto-J 7.0 and has also been tested to work with Crypto-J 6.2.6.1 and 6.3.
Initial support for Java 17, using OpenJDK 17, has been added. Crypto-J has not been individually tested with Java 17. Please report any issue you may run into.
Support for the following JDK and proprietary properties have been added. Some were added in SSL-J 7.1.1:
- jdk.tls.client.enableCAExtension
- jdk.tls.server.protocols
- jdk.tls.client.protocols
- jdk.tls.client.cipherSuites
- jdk.tls.server.cipherSuites
- com.rsa.ssl.eku.required
- com.rsa.ssl.eku.ignoreAnyExtendedKeyUsage
- com.rsa.ssl.allowNullClientAlias
- com.rsa.ssl.allowNonMatchingCACert
- jdk.tls.ephemeralDHKeySize
Support and implementation for the following proprietary property has been removed:
Maximum DH key size support has been increased from 4096-bit to 8192-bit.
Partial implementation for Application Layer Protocol Negotiation (ALPN) has been added.
Support
PKIX alias for
KeyManagerFactory to use X.509 credentials, used as the following:
KeyManagerFactory.getInstance("PKIX", jsseProvider);
And some other bugfixes were done. For the complete list of resolved issues, see the Release Notes.
For BSAFE downloads, documentation and more, contact Dell Support.
---
* At time of initial publication of this release advisory, Dell BSAFE Crypto Module for Java 7.0 was on NIST Cryptographic Module Validation Program's Module In Process list with a status of "In Review" since December 23, 2022.