jss-4.4.0-13.el7

Java Security Services (JSS) provides an interface between Java Virtual Machine and Network Security Services (NSS). It supports most of the security standards and encryption technologies supported by NSS including communication through SSL/TLS network protocols. JSS is primarily utilized by the Certificate Server as a part of the Identity Management System.

This update fixes the following bug:

* Previously, due to a missing parameter check, encoding and decoding of an AlgorithmIdentifier object in the Java Security Services (JSS) was inconsistent. As a consequence, if JSS decoded an AlgorithmIdentifier object and encoded it again, JSS added in certain situations incorrectly a NULL parameter. This update detects if a parameter exists and no longer adds the NULL parameter. As a result, encoding and decoding AlgorithmIdentifier objects in JSS is consistent. (BZ#1595759)

In addition, this update adds the following enhancement:

* This update adds support for TLS_*_SHA384 ciphers to the Java Security Services (JSS). (BZ#1596552)

Users of jss are advised to upgrade to these updated packages, which fix this bug and add this enhancement.