![]() Mozilla’s CA certificate program is well regarded throughout the industry for its high standards and independence. From now on, AdoptOpenJDK’s trust store contains the same CA certificates as Firefox.ĭoes that mean AdoptOpenJDK is less secure than before because it can now connect to more websites than before? Absolutely not. Therefore, we have decided to deviate from OpenJDK and instead to align with Mozilla Firefox. Over the years, we received numerous reports from users that could not connect with Java to a server while they had no problem with their browser or command line tools like curl. Starting with 8u282, 11.0.10, and 15.0.2, this is no longer the case. So far, AdoptOpenJDK came with the trust store maintained by the OpenJDK project. To decide whether to trust the server’s certificate or not, Java uses its own trust store that is contained in a file called cacerts. When you open a TLS connection to a server with Java, for example, using HttpClient, Java validates the server’s certificate. How does the browser know which CAs to trust? It contains a list of trusted CA certficates or it asks the operating system that has such a list, too. If it is not, you get a warning, and you will be asked whether you want to proceed. ![]() ![]() If it is, the connection is established after some further checks were successfully performed. Well known CAs are Let’s Encrypt or Thawte. To determine whether it can trust the certificate, the browser checks if the certificate was signed by a trusted CA (certificate authority). When you open an HTTPS connection to a web server, your browser has to decide whether it trusts the server’s certificate or not. List of security fixes and other fixes in OpenJDK 15.0.2 List of security fixes and other fixes in OpenJDK 11.0.10 List of security fixes and other fixes in OpenJDK 8u282 As always, all binaries are thoroughly tested and available free of charge without usage restrictions on a wide range of platforms. Binaries are available for download of OpenJDK and Eclipse OpenJ9 (with OpenJDK class libraries). ![]() AdoptOpenJDK is happy to announce the immediate availability of AdoptOpenJDK 8u282, 11.0.10, and 15.0.2.
0 Comments
Leave a Reply. |