Java 11 client TLS bypass fixed in recent Java patch

Cantor, Scott E.
This is a public service note, just highlighting there's apparently a really serious client TLS bypass [1] in Java 11 and 13 that could certainly impact the security of SAML back channel scenarios like attribute queries or artifact usage for the Identity Provider.

It was patched in the most recent fix release, so if you're impacted, make sure you patch.

-- Scott

[1] https://web-in-security.blogspot.com/2020/01/cve-2020-2655-jsse-client.html
