I have generated new packages for Precise for both OpenJDK 6 and 7. Please note that I have not backported TLS v1.2 support for OpenJDK 6, I only enabled TLS v1.1 by default (see bellow).
I have found and corrected the SSLv3 issue. It was caused when my backport "reverted" a few changes from the "8061210 Issues in TLS" fix. On OpenJDK 8 this and a few other changes were applied after "7093640: Enable client-side TLS 1.2 by default", but on OpenJDK 7 and 6 those changes were applied without "7093640".
I'm not backporting TLS v1.2 to OpenJDK 6 at this time due to 2 reasons:
1. OpenJDK 6 state is worse of then 7, lots of JDK 8 and 7 fixes were backported to it without TLS v1.2 ever been applied, thus there a lot of conflicts to go through and then each of those backports would have to be reviewed (I know because I tried). This spans a lot of classes and requires a very good knowledge of the affected classes and of each fix.
2. The only opinion I got when I asked on jdk6-dev about backporting TLS v1.2 to OpenJDK 6 was against the backport and no one else tipped in, so it OpenJDK 6 devs do not seem to be interested in it at all. [1]
I will keep an eye out to check how this goes, for now TLS v1.1 is still acceptable [2]. Eventually if someone from OpenJDK 6 agrees to help we can try backporting TLS v1.2 there again.
Nathan, my apologies for the delay.
I have generated new packages for Precise for both OpenJDK 6 and 7. Please note that I have not backported TLS v1.2 support for OpenJDK 6, I only enabled TLS v1.1 by default (see bellow).
I have found and corrected the SSLv3 issue. It was caused when my backport "reverted" a few changes from the "8061210 Issues in TLS" fix. On OpenJDK 8 this and a few other changes were applied after "7093640: Enable client-side TLS 1.2 by default", but on OpenJDK 7 and 6 those changes were applied without "7093640".
I'm not backporting TLS v1.2 to OpenJDK 6 at this time due to 2 reasons:
1. OpenJDK 6 state is worse of then 7, lots of JDK 8 and 7 fixes were backported to it without TLS v1.2 ever been applied, thus there a lot of conflicts to go through and then each of those backports would have to be reviewed (I know because I tried). This spans a lot of classes and requires a very good knowledge of the affected classes and of each fix.
2. The only opinion I got when I asked on jdk6-dev about backporting TLS v1.2 to OpenJDK 6 was against the backport and no one else tipped in, so it OpenJDK 6 devs do not seem to be interested in it at all. [1]
I will keep an eye out to check how this goes, for now TLS v1.1 is still acceptable [2]. Eventually if someone from OpenJDK 6 agrees to help we can try backporting TLS v1.2 there again.
[1] http:// mail.openjdk. java.net/ pipermail/ jdk6-dev/ 2015-August/ 003541. html /www.pcisecurit ystandards. org/documents/ Migrating_ from_SSL_ Early_TLS_ Information_ Supplement_ v1.pdf
[2] "... minimum of TLS v1.1, although entities are strongly encouraged to consider TLS v1.2. Note that not all implementations of TLS v1.1 are considered secure – refer to NIST SP 800-52 rev 1 for guidance on secure TLS configurations" https:/