After updating the server running on OpenJDK, it is not possible to connect to a billed company using the client application. The client freezes after selecting the company on the "Connecting to data source..." dialog.
The problem is caused by bugs in elliptic curve encryption in OpenJDK (JRE): https://bugs.openjdk.java.net/browse/JDK-8173783
Possible solutions:
1. Install Oracle Java and set it as the default (using the alternatives option: https://podpora.flexibee.eu/cs/articles/4710956-java-aktualizace), or uninstall OpenJDK (JRE) entirely.
2. Disable the use of elliptic curves for the Flexi server. This procedure resolves only some of the issues with connecting to the server.
The use of elliptic curves can be disabled using the Java parameter: -Dcom.sun.net.ssl.enableECC=false On a Linux server, this parameter can be placed in the file /etc/default/flexi:
FLEXI_SERVER_JAVA_ARGS="${FLEXI_SERVER_JAVA_ARGS} -Dcom.sun.net.ssl.enableECC=false"
The effect of this option can be verified after restarting the server by checking the log, where the following should no longer appear in the list of enabled ciphers: TLS_ECDH*
2017-03-10 15:05:27,102 INFO SslHolder:187 - Enabled SSL cipher suites: {TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_
128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_
WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_
EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV}