Knowledge Partner
Knowledge Partner
821 views

Azul Zulu Java in newest SSPR (4.3.3.0)

I see that the JVM/JDK in SSPR appliance, installer is changed AWAY from
Oracle, and to Azul's Zulu JVM.

I had honestly never seen Zulu before.

Anyone have any feedback? Is this in response to Oracles license
changes I remember hearing rumblings about.

Seems like there is a cert with SAN issue in the readme, at:

https://www.oracle.com/technetwork/java/javase/8u181-relnotes-4479407.html#JDK-8200666

"To improve the robustness of LDAPS (secure LDAP over TLS ) connections,
endpoint identification algorithms have been enabled by default."

It looks like you would need to add a -D style switch to the process
starting Tomcat and add in:
com.sun.jndi.ldap.object.disableEndpointIdentification=true

to turn off this new feature (Or you could fix your cert so that the
cert matches common name of the server being contacted over
SSL/LDAPS/TLS/whatever.

0 Likes
1 Reply
Knowledge Partner
Knowledge Partner

Re: Azul Zulu Java in newest SSPR (4.3.3.0)

On 9/20/2018 2:06 PM, Geoffrey Carman wrote:
> I see that the JVM/JDK in SSPR appliance, installer is changed AWAY from
> Oracle, and to Azul's Zulu JVM.
>
> I had honestly never seen Zulu before.
>
> Anyone have any feedback?  Is this in response to Oracles license
> changes I remember hearing rumblings about.
>
> Seems like there is a cert with SAN issue in the readme, at:
>
> https://www.oracle.com/technetwork/java/javase/8u181-relnotes-4479407.html#JDK-8200666
>
>
> "To improve the robustness of LDAPS (secure LDAP over TLS ) connections,
> endpoint identification algorithms have been enabled by default."
>
> It looks like you would need to add a -D style switch to the process
> starting Tomcat and add in:
> com.sun.jndi.ldap.object.disableEndpointIdentification=true
>
> to turn off this new feature (Or you could fix your cert so that the
> cert matches common name of the server being contacted over
> SSL/LDAPS/TLS/whatever.


So I see Azul Enterprise is basically a way of maintaining a Java 8 JVM
that is supported for Security patches, since Oracle is 116 days away
from the last Java 8 security update.

Interesting. So Zulu Enterprise you have to buy. There is a Zulu
Embedded, I guess MF bought licenses for that? Interesting...

Will other IDM products moving to this as well? The mind wonders...


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.