991303 wrote:I'm seeing similar results.
I've been able to reproduce the problem in u6, but not u5. I'm wondering if it's related to this change:
I noticed that the bug suggested here (http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=2222432) relates to the Diffie-Hellman key exchange, so I tried selecting a cipher which does not use Diffie-Hellman (-Dhttps.cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256) and the problem went away. So I think we have a workaround.Unfortunately, sometimes DHE is required (as it is in our case).
Thank you for the link. I'm replying now because of NSA's revelations. Diffie Hellman Ephemeral ciphers offer perfect forward secrecy. That is, compromise of the public key doesn't help in decrypting actual payload data. Is Oracle colluding with NSA in forcing users to switch away from these ciphers as workaround?