RELEASE NOTES: JDK 11.0.1

Disabled All DES TLS Cipher Suites

DES-based TLS cipher suites are considered obsolete and should no longer be used. DES-based cipher suites have been deactivated by default in the SunJSSE implementation by adding the "DES" identifier to the jdk.tls.disabledAlgorithms security property. These cipher suites can be reactivated by removing "DES" from the jdk.tls.disabledAlgorithms security property in the java.security file or by dynamically calling the Security.setProperty() method. In both cases re-enabling DES must be followed by adding DES-based cipher suites to the enabled cipher suite list using the SSLSocket.setEnabledCipherSuites() or SSLEngine.setEnabledCipherSuites() methods.

Note that prior to this change, DES40_CBC (but not all DES) suites were disabled via the jdk.tls.disabledAlgorithms security property.

Added Additional TeliaSonera Root Certificate

The following root certificate have been added to the OpenJDK cacerts truststore: + TeliaSonera + teliasonerarootcav1

DN: CN=TeliaSonera Root CA v1, O=TeliaSonera

LDAPS Communication Failure

Application code using LDAPS with a socket connect timeout that is <= 0 ( the default value ), may encounter an exception when establishing the connection.

The top most frames from Exception stack traces of applications encountering such issues might resemble the following:

` javax.naming.ServiceUnavailableException: <server:port>; socket closed at com.sun.jndi.ldap.Connection.readReply(Unknown Source)<br /> at com.sun.jndi.ldap.LdapClient.ldapBind(Unknown Source) ... `