After updating a server running on OpenJDK, it is not possible to connect to a billed company using the client application. The client gets stuck after selecting the company at the "Connecting to data source..." dialog.
The problem is caused by bugs in elliptic curve encryption in OpenJDK (JRE): https://bugs.openjdk.java.net/browse/JDK-8173783
Possible solutions:
1. Install Oracle Java and set it as the default (alternatives option: https://podpora.flexibee.eu/cs/articles/4710956-java-aktualizace), or alternatively uninstall OpenJDK (JRE) entirely.
2. Disable the use of elliptic curves for the Flexi server. This approach resolves only some of the login issues with the server.
The use of elliptic curves can be disabled via the Java parameter: -Dcom.sun.net.ssl.enableECC=false On a Linux server, the parameter can be placed in the file /etc/default/flexi:
FLEXI_SERVER_JAVA_ARGS="${FLEXI_SERVER_JAVA_ARGS} -Dcom.sun.net.ssl.enableECC=false"
The effectiveness of this setting can be verified after restarting the server in the log, where the following should no longer appear in the list of enabled ciphers: TLS_ECDH*
2017-03-10 15:05:27,102 INFO SslHolder:187 - Enabled SSL cipher suites: {TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_
128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_
WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_
EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV}