[INFO] Potential problems with Java versions 8u201, 8u202 and 11.0.2 using TLS

dleinich
Crownpeak Employee
Crownpeak Employee
2 0 618

In the latest versions of Java 8u201, 8u202 and 11.0.2, which have been released on the 15th of January 2019, the TLS Cipher-Suites Anon and Null have been deactivated. As FirstSpirit is using the Anon Cipher-Suite if no certificate is provided, the communication between the FirstSpirit web application and the FirstSpirit server may not work anymore.

This problem only affects you if you are using SSL without a certificate. If you are affected, we strongly suggest not to update Java to the versions mentioned above while we are working on a solution in the product. We will keep you updated about the progress in this post.

If you absolutely need to use one of the Java versions mentioned above, you, as an administrator, are able to do so by removing anon from jdk.tls.disabledAlgorithms in the java.security file.

Tags (4)