Ask HN: Is Oracle Java 7 no longer secure?
Unless I missed something, it seems Oracle's Java 7u9 JRE no longer enables checking of SSL Certificate Revocation Lists (CRLs)[see: http://docs.oracle.com/javase/7/docs/technotes/guides/deployment/deployment-guide/jcp.html#security - search for CRL, notice the default]. Does this mean any ssl certificate that may have been compromised and placed into CRL is no longer validated?
2 comments
[ 3.0 ms ] story [ 10.4 ms ] thread