Enabling TLS1.2 by default

Tiago Daitx tiago.daitx at canonical.com
Thu Aug 13 15:40:28 UTC 2015


Hi!

I'm looking into enabling TLS 1.2 by default in OpenJDK 7 as per
JDK-7093640 [1]. The reasoning being:
1. we have reports that server admins are starting to disable CBC
unless TLS level is 1.1+ [2]
2. RC4 has been disabled by JDK-8076221 [3] and S8043202
(CVE-2015-2808: Prohibit RC4 cipher suites)
thus leaving no trusted ciphers for TLS1.0.

[1] https://bugs.openjdk.java.net/browse/JDK-7093640
[2] https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1482924
[3] https://bugs.openjdk.java.net/browse/JDK-8076221

This requires backporting at least 7093640 from JDK8u. Would such a
backport be accepted for jdk7u-dev?

Now, would it be acceptable to bring a few more backports? Such as:
7059709: close the IO in a final block
7167092: Need to put the return clause in the synchronized block
8022746: List of spelling errors in API doc

Those cover mostly ProtocolVersion, SSLContextImpl, and SunJSSE in
sun/security/ssl.

I can see a lot of other fixes in sun/security/ssl and I wonder if it
would be good to bring a few of those in as well. Can someone point out
important ones in case TLS 1.2 is enabled by default? Here is a list
of changes that didn't make it into JDK7. I haven't fully checked each
one to see if they are JDK8-only stuff, but it might help pick
important ones:

6956398: make ephemeral DH key match the length of the certificate key
6966259: Make PrincipalName and Realm immutable
7030966: Support AEAD CipherSuites
7059542: JNDI name operations should be locale independent
7063647: To use synchronized map in key manager
7064075: Security libraries don't build with javac
-Xlint:all,-deprecation -Werror
7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server
7092897: sun.security.util.Cache should be generified
7111548: unexpected debug log message
7145837: a little performance improvement on the usage of SecureRandom
7166487: checkSequenceNumber method never called within readRecord of
SSLEngineImpl
7188657: There should be a way to reorder the JSSE ciphers
7188658: Add possibility to disable client initiated renegotiation
7194075: Various classes of sunec.jar are duplicated in rt.jar
8000970: break out auxiliary classes that will prevent multi-core
compilation of the JDK
8003951: Removes unused variables in sun.security.ssl
8004019: Removes unused method HandshakeHash.setCertificateVerifyAlg()
8005447: default principal should act as anyone
8005523: Unbound krb5 for TLS
8005535: SSLSessionImpl should have protected finalize()
8009925: Back out AEAD CipherSuites temporarily
8011680: Re-integrate AEAD implementation of JSSE
8017049: rename property jdk.tls.rejectClientInitializedRenego
8019359: To comment why not use no_renegotiation to reject client
initiated renegotiation
8023230: The impl of KerberosClientKeyExchange maybe not exist
8025123: SNI support in Kerberos cipher suites
8042449: Issue for negative byte major record version
8044860: Vectors and fixed length fields should be verified for allowed sizes.
8054037: Improve tracing for java.security.debug=certpath
8067694: Improved certification checking
8072385: Only the first DNSName entry is checked for endpoint identification
8074865: General crypto resilience changes
8075040: Need a test to cover FREAK (BugDB 20647631)
8076328: Enforce key exchange constraints


Best regards,
Tiago

-- 
Tiago Stürmer Daitx
Software Engineer
tiago.daitx at canonical.com
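An added example, not part of the post above and not OpenJDK code, showing what the proposed change would alter and how a deployment can check or work around it today: it prints the protocols the running JDK's default SSLContext enables, then demonstrates the two application-level ways to get TLS 1.2 negotiated on a JDK 7 that still defaults to TLSv1 (an SSLContext created for "TLSv1.2", and explicit setEnabledProtocols on a socket), dropping RC4 suites from the socket's list as JDK-8076221 does. The class name, the ACCEPTABLE protocol list, and the helper names are assumptions for this example; only standard javax.net.ssl APIs present in JDK 7 are used, and no network connection is made.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

// Added example (not from the mailing-list post): report the JDK's default
// TLS protocols and show how to enable TLS 1.2 explicitly in the meantime.
public class TlsDefaultsCheck {

    // Protocols an application should be willing to negotiate (assumption for
    // this example; TLSv1.1 is kept as a fallback for servers without 1.2).
    static final List<String> ACCEPTABLE = Arrays.asList("TLSv1.2", "TLSv1.1");

    // Keep only the acceptable protocols, preserving the JDK's own ordering.
    static String[] filterProtocols(String[] supported) {
        List<String> out = new ArrayList<String>();
        for (String p : supported) {
            if (ACCEPTABLE.contains(p)) {
                out.add(p);
            }
        }
        return out.toArray(new String[out.size()]);
    }

    // Drop RC4 suites (removed from the defaults by JDK-8076221 / S8043202);
    // everything else is left in the order the JDK chose.
    static String[] dropRc4(String[] suites) {
        List<String> out = new ArrayList<String>();
        for (String s : suites) {
            if (!s.contains("_RC4_")) {
                out.add(s);
            }
        }
        return out.toArray(new String[out.size()]);
    }

    public static void main(String[] args) throws Exception {
        // 1. What does this JDK enable out of the box? On a JDK 7 without
        //    JDK-7093640 the default list stops at TLSv1 on the client side.
        SSLContext dflt = SSLContext.getDefault();
        System.out.println("Default context enabled protocols: "
                + Arrays.toString(dflt.getDefaultSSLParameters().getProtocols()));
        System.out.println("Supported protocols:               "
                + Arrays.toString(dflt.getSupportedSSLParameters().getProtocols()));

        // 2. Per-context workaround: a context built for "TLSv1.2" enables it
        //    by default even where the "Default"/"TLS" context does not.
        SSLContext tls12 = SSLContext.getInstance("TLSv1.2");
        tls12.init(null, null, null);   // default key and trust managers
        System.out.println("TLSv1.2 context enabled protocols: "
                + Arrays.toString(tls12.getDefaultSSLParameters().getProtocols()));

        // 3. Per-socket workaround: restrict an unconnected socket explicitly.
        //    Nothing is connected here, so the program runs offline.
        SSLSocket sock = (SSLSocket) dflt.getSocketFactory().createSocket();
        try {
            sock.setEnabledProtocols(filterProtocols(sock.getSupportedProtocols()));
            sock.setEnabledCipherSuites(dropRc4(sock.getEnabledCipherSuites()));
            System.out.println("Socket enabled protocols:          "
                    + Arrays.toString(sock.getEnabledProtocols()));
            for (String s : sock.getEnabledCipherSuites()) {
                System.out.println("  " + s);
            }
        } finally {
            sock.close();
        }
    }
}
```

Compile and run it with the JDK under test (`javac TlsDefaultsCheck.java && java TlsDefaultsCheck`); comparing the first line of output before and after the 7093640 backport is the quickest way to confirm the default actually changed, and the per-socket section shows what an application has to do by hand on a JDK where it has not.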

