Description of problem:

A regression was found in the fix for CVE-2011-3389/7064341 that was applied to Oracle JDK 6u29 and matching OpenJDK update. This causes connections to certain SSL servers to hang:

http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7103725

In our case, this problem was reported for JBoss products using JDBC to connect to Microsoft SQL server.

Some workarounds were identified:
- use non-CBC cipher (e.g. one of RC4 cipher suites)
- disable CVE-2011-3389 mitigation using -Djsse.enableCBCProtection=false

Related Support Essentials article:
https://access.redhat.com/kb/docs/DOC-67350
Oracle 6u30 was released to address this issue: http://www.oracle.com/technetwork/java/javase/6u30-relnotes-1394870.html
Fixed in upstream OpenJDK: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/cb20ed4b953a
Fix is in IcedTea6 HEAD: http://icedtea.classpath.org/hg/icedtea6/rev/8a24f86753c6 Needs backporting to branches.
This is fixed in the latest upstream release: http://blog.fuseyism.com/index.php/2012/01/12/icedtea6-1-8-12-1-9-12-and-1-10-5-released/ I'll leave others to comment on when this will be packaged for RHEL.
This was fixed upstream in IcedTea 1.10.5. We have updated to 1.10.6 in RHSA-2012:0135, hence this issue is fixed. https://rhn.redhat.com/errata/RHSA-2012-0135.html