Experiance of migrating MFT from Java 7 to Java 8
Posted: Wed Jul 27, 2016 11:21 am
We are currently planning the migration of our MFT instances from Java 7 to Java 8 to resolve some negotiation failures when connecting with external clients via SFTP
However I am concerned that external clients with older Java installations maybe impacted by this migration.
The default Java 8 Security policy files includes some settings to allow customisation of the algorithms (as below) :
dk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
jdk.tls.legacyAlgorithms= \
K_NULL, C_NULL, M_NULL, \
DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
DH_RSA_EXPORT, RSA_EXPORT, \
DH_anon, ECDH_anon, \
RC4_128, RC4_40, DES_CBC, DES40_CBC
I’d be very interested to hear about issues other MFT customers might have encountered during similar migrations and any adjustment to the settings above that were made to resolve issues (and any advice you can provide in this area – to allow the maximum backward compatibility with Java 7 security settings)
We haven’t encountered any specific issues so far but I’d like to be prepared before we deploy Java 8 to a busy testing environment.
Thanks :-)
However I am concerned that external clients with older Java installations maybe impacted by this migration.
The default Java 8 Security policy files includes some settings to allow customisation of the algorithms (as below) :
dk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
jdk.tls.legacyAlgorithms= \
K_NULL, C_NULL, M_NULL, \
DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
DH_RSA_EXPORT, RSA_EXPORT, \
DH_anon, ECDH_anon, \
RC4_128, RC4_40, DES_CBC, DES40_CBC
I’d be very interested to hear about issues other MFT customers might have encountered during similar migrations and any adjustment to the settings above that were made to resolve issues (and any advice you can provide in this area – to allow the maximum backward compatibility with Java 7 security settings)
We haven’t encountered any specific issues so far but I’d like to be prepared before we deploy Java 8 to a busy testing environment.
Thanks :-)