[Info-vax] Programming languages on VMS

Arne Vajhøj arne at vajhoej.dk
Sat Feb 10 20:25:51 EST 2018


On 2/9/2018 5:13 PM, Stephen Hoffman wrote:
> Those are very old versions of Java.
> Versions prior to Java 8 lack support for modern DHE lengths; 2048 or 
> longer is preferred, 1024 minimally, and Java 7 was limited to 768 bits 
> IIRC.

With builtin JCE provider.

Add BouncyCastle and you have what you need.

> Versions prior to Java 7 lack support for TLSv1.2, which is a basic 
> requirement for SSL in recent times.  Audits have bagged OpenVMS Java at 
> a number of sites for this omission.
> I'm presently chasing a different down-revision TLS mess and one not 
> related to Java, too.  But I digress.

Again this is with builtin JSSE.

Add BouncyCastle and you can have TLS 1.2:

$ java -version
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition
Fast VM (build 1.5.0-9, build J2SDK.v.1.5.0:03/14/2016-18:40, native threads, jit_150)
$ type TLSVersions.java
import java.security.NoSuchAlgorithmException;

import javax.net.ssl.SSLContext;

public class TLSVersions {
     private static void test(String protocol) {
         try {
             SSLContext.getInstance(protocol);
             System.out.println(protocol + " is supported");
         } catch (NoSuchAlgorithmException e) {
             System.out.println(protocol + " is NOT supported");
         } catch(InternalError e2) {
             System.out.println(protocol + " is NOT supported");
         }
     }
     public static void main(String[] args) {
         test("SSLv3");
         test("TLSv1");
         test("TLSv1.1");
         test("TLSv1.2");
         test("TLSv1.3");
     }
}
$ javac TLSVersions.java
$ java "TLSVersions"
SSLv3 is supported
TLSv1 is supported
TLSv1.1 is NOT supported
TLSv1.2 is NOT supported
TLSv1.3 is NOT supported
$ type tlsfix.security
security.provider.1=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
security.provider.11=sun.security.provider.Sun
security.provider.12=sun.security.rsa.SunRsaSign
security.provider.13=com.sun.net.ssl.internal.ssl.Provider
security.provider.14=com.sun.crypto.provider.SunJCE
security.provider.15=sun.security.jgss.SunProvider
security.provider.16=com.sun.security.sasl.Provider
$ java -cp .:bctls-jdk15on-159.jar:bcprov-jdk15on-159.jar "-Djava.security.properties=tlsfix.security" "TLSVersions"
SSLv3 is supported
TLSv1 is supported
TLSv1.1 is supported
TLSv1.2 is supported
TLSv1.3 is NOT supported

A third party provider may not be a feasible option for all
sites, but it is worth considering.

Also note that if one is willing to edit the system java.security
file, then tlsfix.security is not needed.

Arne
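
An added example, not part of the original post: a follow-up check that goes one step past SSLContext.getInstance() by reporting which registered provider answers for each protocol and whether an SSLEngine built from that context lists the protocol as supported and enabled by default. The class name TLSProviderCheck is hypothetical; the code uses only Java 5 era APIs to match the JVM shown in the post.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Hypothetical class name; Java 5 syntax to match the JVM in the post.
public class TLSProviderCheck {
    // Reports which provider serves the protocol and whether an engine
    // created from that context lists it as supported and enabled.
    static String describe(String protocol) {
        try {
            SSLContext ctx = SSLContext.getInstance(protocol);
            ctx.init(null, null, null); // default key and trust managers
            SSLEngine engine = ctx.createSSLEngine();
            boolean supported =
                    Arrays.asList(engine.getSupportedProtocols()).contains(protocol);
            boolean enabled =
                    Arrays.asList(engine.getEnabledProtocols()).contains(protocol);
            return protocol + ": provider=" + ctx.getProvider().getName()
                    + " supported=" + supported + " enabledByDefault=" + enabled;
        } catch (Exception e) {
            return protocol + ": unavailable (" + e.getClass().getName() + ")";
        } catch (InternalError e) { // the post's test catches this as well
            return protocol + ": unavailable (" + e.getClass().getName() + ")";
        }
    }

    public static void main(String[] args) {
        // Provider order decides who answers SSLContext.getInstance(),
        // so print it first to confirm the properties file took effect.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println((i + 1) + ". " + providers[i].getName());
        }
        String[] protocols = { "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" };
        for (int i = 0; i < protocols.length; i++) {
            System.out.println(describe(protocols[i]));
        }
    }
}
```

Run it with the same -cp and -Djava.security.properties options as TLSVersions above; the enabledByDefault column also shows whether SSLv3 is still switched on, which is the kind of finding a TLS audit looks for.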


