Topics on Semeru (Java) on IBM Z

  • 1.  Java 17.0.18 TLS 1.2 problem

    Posted Tue April 21, 2026 04:00 AM

    Hello,

       We have a C/C++ application which uses TLS 1.2 to connect to a Java application. With Java 17.0.18 we have the following error:

    "io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: no cipher suites in common"

    Same connection works fine with 17.0.17.

    At https://www.ibm.com/support/pages/semeru-runtimes-fixes-version-17 there are some "security fixes" mentioned; can I find somewhere what exactly was changed or disabled?

    Thank you.



    ------------------------------
    Sergey Korzhevsky
    Senior Software Engineer in Test
    Rocket Software
    ------------------------------


  • 2.  RE: Java 17.0.18 TLS 1.2 problem

    Posted Tue April 21, 2026 06:11 AM

    We found that this is "TLS_RSA_*" in jdk.tls.disabledAlgorithms (conf/security/java.security).



    ------------------------------
    Sergey Korzhevsky
    Senior Software Engineer in Test
    Rocket Software
    ------------------------------
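
A way to check the finding above on a given runtime, as an added example that is not part of the thread and not IBM or OpenJDK code: it reads `jdk.tls.disabledAlgorithms` and reports, for each cipher suite a peer offers, whether the runtime still enables it by default and which property entry matches its name. The class name `CipherSuiteCheck`, the constructed `OFFERED` list and the simplified `*` matching are assumptions made for illustration.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;

public class CipherSuiteCheck {
    // Constructed sample: suites a TLS 1.2 peer might offer. Replace it with
    // the list your client is actually configured to send.
    static final List<String> OFFERED = List.of(
        "TLS_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

    // Returns the jdk.tls.disabledAlgorithms entry whose pattern matches the
    // suite name, or null. Simplified: '*' means "any run of characters".
    static String matchingEntry(String suite, String disabledProp) {
        if (disabledProp == null) return null;
        for (String entry : disabledProp.split(",")) {
            String e = entry.trim();
            String regex = Arrays.stream(e.split("\\*", -1))
                .map(Pattern::quote)
                .collect(Collectors.joining(".*"));
            if (Pattern.matches(regex, suite)) return e;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        String disabled = Security.getProperty("jdk.tls.disabledAlgorithms");
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // default key/trust managers
        Set<String> enabled = new HashSet<>(
            Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));

        System.out.println("java.version = " + System.getProperty("java.version"));
        for (String suite : OFFERED) {
            String hit = matchingEntry(suite, disabled);
            System.out.printf("%-42s enabled=%-5b disabledBy=%s%n",
                suite, enabled.contains(suite), hit == null ? "-" : hit);
        }
    }
}
```

Running it under each of the runtimes being compared shows which of the offered suites dropped out of the default enabled set between them.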



  • 3.  RE: Java 17.0.18 TLS 1.2 problem

    Posted Wed April 22, 2026 09:34 AM

    Hello,

       This suggests that the previous cipher suite in common was RSA based. Did you change the disabledAlgorithms and retry?

    Jon Furminger
    z/OS Java
    IBM



    ------------------------------
    Jon Furminger
    ------------------------------



  • 4.  RE: Java 17.0.18 TLS 1.2 problem

    Posted Wed April 22, 2026 09:34 AM

    Hello,

       This suggests that the previous working system was using an RSA based cipher suite. Did you try changing the disabledAlgorithms and retrying?



    ------------------------------
    Jon Furminger
    ------------------------------



  • 5.  RE: Java 17.0.18 TLS 1.2 problem

    Posted Wed April 22, 2026 10:09 AM

    Hi Jon,

      Yes, updating java.security works; we can also specify additional cipher suites in the C/C++ application which are not disabled. I'm just thinking that it would be good to specify such changes explicitly in the release notes.

      Thanks.



    ------------------------------
    Sergey Korzhevsky
    Senior Software Engineer in Test
    Rocket Software
    ------------------------------



  • 6.  RE: Java 17.0.18 TLS 1.2 problem

    Posted Wed April 22, 2026 12:51 PM
    Hello Sergey,

    Sorry to hear this affected your application. A colleague explained to me that the change comes from an OpenJDK change to improve JSSE:
    https://bugs.openjdk.org/browse/JDK-8245545
    It's mentioned on the Oracle JRE and JDK Cryptographic Roadmap
    https://www.java.com/en/jre-jdk-cryptoroadmap.html
    "Disable TLS_RSA Cipher Suites"
    IBM doesn't attempt to make release notes for all the OpenJDK changes, so the roadmap page above is a valuable resource for this type of change.
    -- Will Smith, IBM support (Java and Semeru on z/OS)


    ------------------------------
    Will SMITH
    ------------------------------



  • 7.  RE: Java 17.0.18 TLS 1.2 problem

    Posted Thu April 23, 2026 12:05 AM

    Hello Will,

       Got it, thank you for explaining!



    ------------------------------
    Sergey Korzhevsky
    Senior Software Engineer in Test
    Rocket Software
    ------------------------------