Full release notes: https://bitly.com/openjdk1108
The following expired Comodo root CA certificate was removed from the cacerts
keystore: +
alias name "addtrustclass1ca [jdk]"
Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
The following expired DocuSign root CA certificate was removed from the cacerts
keystore: +
alias name "keynectisrootca [jdk]"
Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
The SunPKCS11 security provider can now be initialized with NSS when FIPS-enabled external modules are configured in the Security Modules Database (NSSDB). Prior to this change, the SunPKCS11 provider would throw a RuntimeException with the message: "FIPS flag set for non-internal module" when such a library was configured for NSS in non-FIPS mode.
This change allows the JDK to work properly with recent NSS releases in GNU/Linux operating systems when the system-wide FIPS policy is turned on.
Further information can be found in JDK-8238555.
In JDK 11 and later, javax.net.ssl.SSLEngine
by default used client
mode when handshaking. As a result, the set of default enabled
protocols may differ to what is expected. SSLEngine
would usually be
used in server mode. From this JDK release onwards, SSLEngine
will
default to server mode. The
javax.net.ssl.SSLEngine.setUseClientMode(boolean mode)
method may
be used to configure the mode.
Two new System Properties are added to customize the TLS signature
schemes in JDK. jdk.tls.client.SignatureSchemes
is added for TLS
client side, and jdk.tls.server.SignatureSchemes
is added for server
side.
Each System Property contains a comma-separated list of supported signature scheme names specifying the signature schemes that could be used for the TLS connections.
The names are described in the "Signature Schemes" section of the Java Security Standard Algorithm Names Specification.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2020-5d0b4a2b5b
Please login to add feedback.
This update has been submitted for testing by ahughes.
This update's test gating status has been changed to 'ignored'.
This update's test gating status has been changed to 'waiting'.
ahughes edited this update.
This update's test gating status has been changed to 'ignored'.
ahughes edited this update.
ahughes edited this update.
This update has been pushed to testing.
Works for me.
Works for me.
This update can be pushed to stable now if the maintainer wishes
Seems to work fine
This update has been submitted for stable by bodhi.
This update has been pushed to stable.