Update handshake simulations for Java clients

[bhushan5640]

Currently, the baseline versions of Java Clients included in the Handshake simulation is very old and may give sites an incorrect assessment of what protocols are required to support clients. This could lead sites to retain RSA key exchange and 3DES longer than actually necessary.

2017-01-17 - 8u121 b13, 7u131 b12, 6u141 b12, R28.3.13

• For TLS, 3DES has been added to the jdk.tls.legacyAlgorithms security property. 3DES cipher suites will be used only if no stronger candidates can be used.
• Added support for the SHA224withDSA and SHA256withDSA signature algorithms.
• Increased the maximum key length for DSA to 2048 bits Maximum key length for DSA increased to 2048 bits.
• For TLS, disabled EC for keys of less than 256 bits. Elsewhere, disabled EC certificates with keys less than 224 bits.
• Increased the minimum key length for DSA certificates to 1024 bits.
• Added TLS 1.1 and 1.2 to the client list of default-enabled protocols.

2016-04-29 6u115 b32

• TLS 1.2 Added support for TLS 1.2 to JDK 6.

2016-01-19 6u111 b12 TLS 1.11

• Added support for TLS 1.1 to JDK 6.

-brihow

[anand-bhat]

I think the simulation should be limited to the last publicly available release.

• Java 6u45 (already in place)
• Java 7u80 (current sim is using Java 7u25)
• Java 8u152 (current sim is using Java 8u31)

[alexhass]

Could you also add a simulation for Java 9? I'm not sure if something may changed to Java 8.

I'd also like to see a simulation for Unlimited Strength Java(TM) Cryptography Extension Policy Files. I more and more get issues where others tell me to install this as they are upgrading to incompatible server configurations that lock out standard Java 8 clients.

[alexhass]

I just found out that there are SSL result differences between 8.0.44 and 8.0.161. The connection fails with 8.0.44, but does not with 8.0.161. The site you can test with is https://media.leisure-group.net/

[alexhass]

Ok, per java 8.0.161 release notes http://www.oracle.com/technetwork/java/javase/8u161-relnotes-4021379.html they enabled Unlimited cryptography by default. So we really need a new run with 8.0.161.

security-libs/javax.crypto Unlimited cryptography enabled by default The JDK uses the Java Cryptography Extension (JCE) Jurisdiction Policy files to configure cryptographic algorithm restrictions. Previously, the Policy files in the JDK placed limits on various algorithms. This release ships with both the limited and unlimited jurisdiction policy files, with unlimited being the default. The behavior can be controlled via the new 'crypto.policy' Security property found in the /lib/java.security file. Please refer to that file for more information on this property.