+++ This bug was initially created as a clone of Bug #767129 +++ Description of problem: A regression was found in the fix for CVE-2011-3389/7064341 that was applied to Oracle JDK 6u29 and matching OpenJDK update. This causes connections to certain SSL servers to hang: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7103725 In our case, this problem was reported for JBoss products using JDBC to connect to Microsoft SQL server. Some workarounds were identified: - use non-CBC cipher (e.g. one of RC4 cipher suites) - disable CVE-2011-3389 mitigation using -Djsse.enableCBCProtection=false Related Support Essentials article: https://access.redhat.com/kb/docs/DOC-67350
This was fixed upstream in IcedTea 1.10.5. We have updated to 1.10.6 in RHSA-2012:0322, hence this issue is fixed. https://rhn.redhat.com/errata/RHSA-2012-0322.html