Reference Guide

Security Best Practices Guide

13.11.19

RSA BSAFE SSL-J 6.2.6

Security Best Practices Guide

The RSA BSAFE SSL-J (SSL-J) is a software development toolkit for building

cryptographic, certificate, and Transport Layer Security (TLS) security technologies

into Java™ applications, devices, and systems.

The installation and configuration of SSL-J as part of an application deployment must

be considered by the customer to ensure the toolkit is securely available. Best

practices in security and using SSL-J in a manner appropriate to the sensitivity of data

must be addressed by customer applications.

This document provides security best practice recommendations and an overview of

potential vulnerabilities with regards to SSL and TLS communications, and the SSL-J

security configuration options available to protect against these vulnerabilities.

Contents:

Best Practice for SSL-J FIPS 140-2 Compliance ........................................ 2

SSL/TLS Communications .............................................................................. 3

SSL/TLS Renegotiation Denial of Service Exploit ................................ 3

Sweet32: Birthday Attack ......................................................................... 4

Logjam Vulnerability ................................................................................. 5

Poodle Attack ............................................................................................ 6

SLOTH Attack ........................................................................................... 8

Triple Handshake Vulnerability ...............................................................9

Lucky Thirteen Attack ............................................................................. 10

BEAST Exploit ......................................................................................... 11

Support and Service ...................................................................................... 13