Enabling TLS1.2 by default

Andrew Hughes gnu.andrew at redhat.com
Wed Aug 19 18:33:54 UTC 2015



----- Original Message -----
> Hi!
> 
> I'm looking into enabling TLS 1.2 by default in OpenJDK 7 as per
> JDK-7093640 [1]. The reasoning being:
> 1. we have reports that server admins are starting to disable CBC
> unless TLS level is 1.1+ [2]
> 2. RC4 has been disabled by JDK-8076221 [3] and S8043202
> (CVE-2015-2808: Prohibit RC4 cipher suites)
> thus leaving no trusted ciphers for TLS1.0.
> 
> [1] https://bugs.openjdk.java.net/browse/JDK-7093640
> [2] https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1482924
> [3] https://bugs.openjdk.java.net/browse/JDK-8076221
> 
> This requires backporting at least 7093640 from JDK8u. Would such
> backport be accepted for jdk7u-dev?
> 
> Now, would it be acceptable to bring a few more backports? Such as:
> 7059709: close the IO in a final block
> 7167092: Need to put the return clause in the synchronized block
> 8022746: List of spelling errors in API doc
> 
> Those cover mostly ProtocolVersion, SSLContextImpl, and SunJSSE in
> sun/security/ssl.
> 
> I can see a lot of other fixes in sun/security/ssl and I wonder if it
> would be good to bring a few of those in as well. Can someone point
> out important ones in case TLS 1.2 is enabled by default? Here is a list
> of changes that didn't make it into JDK7. I haven't fully checked each
> one to see if they are JDK8-only stuff, but it might help pick
> important ones:
> 
> 6956398: make ephemeral DH key match the length of the certificate key
> 6966259: Make PrincipalName and Realm immutable
> 7030966: Support AEAD CipherSuites
> 7059542: JNDI name operations should be locale independent
> 7063647: To use synchronized map in key manager
> 7064075: Security libraries don't build with javac
> -Xlint:all,-deprecation -Werror
> 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server
> 7092897: sun.security.util.Cache should be generified
> 7111548: unexpected debug log message
> 7145837: a little performance improvement on the usage of SecureRandom
> 7166487: checkSequenceNumber method never called within readRecord of
> SSLEngineImpl
> 7188657: There should be a way to reorder the JSSE ciphers
> 7188658: Add possibility to disable client initiated renegotiation
> 7194075: Various classes of sunec.jar are duplicated in rt.jar
> 8000970: break out auxiliary classes that will prevent multi-core
> compilation of the JDK
> 8003951: Removes unused variables in sun.security.ssl
> 8004019: Removes unused method HandshakeHash.setCertificateVerifyAlg()
> 8005447: default principal should act as anyone
> 8005523: Unbound krb5 for TLS
> 8005535: SSLSessionImpl should have protected finalize()
> 8009925: Back out AEAD CipherSuites temporarily
> 8011680: Re-integrate AEAD implementation of JSSE
> 8017049: rename property jdk.tls.rejectClientInitializedRenego
> 8019359: To comment why not use no_renegotiation to reject client
> initiated renegotiation
> 8023230: The impl of KerberosClientKeyExchange maybe not exist
> 8025123: SNI support in Kerberos cipher suites
> 8042449: Issue for negative byte major record version
> 8044860: Vectors and fixed length fields should be verified for allowed
> sizes.
> 8054037: Improve tracing for java.security.debug=certpath
> 8067694: Improved certification checking
> 8072385: Only the first DNSName entry is checked for endpoint identification
> 8074865: General crypto resilience changes
> 8075040: Need a test to cover FREAK (BugDB 20647631)
> 8076328: Enforce key exchange constraints
> 
> 
> Best regards,
> Tiago
> 
> --
> Tiago Stürmer Daitx
> Software Engineer
> tiago.daitx at canonical.com
> 

Hi Tiago,

I'm working on getting the 7u85 release into upstream OpenJDK 7u right
now, but just wanted to let you know that I'd seen this mail. I'll
go through it in more detail when I've finished with that.

From a quick glance, there's some stuff that's already on my list that
we have in IcedTea (8072385 and 6956398 for sure). There's also some
stuff that initially looks like refactoring/new feature stuff that I don't
think is appropriate, but I'll have to go through the actual changesets.

As to TLS 1.2 on by default, I think there's precedent for this in
us adding TLS 1.1 on OpenJDK 6 and I'm of the opinion that secure by default
outweighs compatible by default. But I'd appreciate the input of others.

Thanks,
-- 
Andrew :)

Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222

PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07
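As an added illustration (not part of this thread and not OpenJDK code), the following Java program shows what the JDK-7093640 change means from an application's point of view: it prints the protocol versions a JVM enables on the client side by default versus the ones it merely supports, and shows the explicit opt-in an application must perform on a JVM that still enables only TLS 1.0 by default. The host name and the `preferredProtocols` helper are assumptions for the example.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class Tls12DefaultCheck {

    // Hypothetical helper: keep only the versions this JVM actually supports,
    // newest first, so setEnabledProtocols() cannot throw on an older JSSE.
    static String[] preferredProtocols(String[] supported) {
        List<String> wanted = Arrays.asList("TLSv1.2", "TLSv1.1", "TLSv1");
        List<String> result = new ArrayList<String>();
        for (String p : wanted) {
            if (Arrays.asList(supported).contains(p)) {
                result.add(p);
            }
        }
        return result.toArray(new String[result.size()]);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        SSLContext ctx = SSLContext.getDefault();

        // What a client gets without any configuration; on a 7u build that
        // lacks JDK-7093640 this list does not contain TLSv1.1 or TLSv1.2.
        String[] enabledByDefault = ctx.getDefaultSSLParameters().getProtocols();
        String[] supported = ctx.getSupportedSSLParameters().getProtocols();
        System.out.println("Enabled by default: " + Arrays.toString(enabledByDefault));
        System.out.println("Supported:          " + Arrays.toString(supported));

        // Explicit opt-in that applications needed before the default changed:
        // every engine (or SSLSocket) must be told to offer TLS 1.2 itself.
        SSLEngine engine = ctx.createSSLEngine("example.invalid", 443); // constructed host
        engine.setUseClientMode(true);
        engine.setEnabledProtocols(preferredProtocols(supported));
        System.out.println("Enabled on engine:  " + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

Running it on a build with the backport applied should show TLSv1.2 in the "Enabled by default" line already, which is exactly the behaviour change a server that refuses CBC suites below TLS 1.1 depends on.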
