PT-2023-6741 · Ibm +3 · Jsse +5

Name of the Vulnerable Software and Affected Versions: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE versions 8.0.7.0 through 8.0.7.11 Description: The issue is related to the use of flawed cryptographic algorithms in the Java Secure Socket Extension JSSE and IBMJCEPlus...

OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066)

It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE...