Enabling TLS1.2 by default

Ivan Krylov ivan at azulsystems.com
Sat Sep 5 12:24:01 UTC 2015


> As to TLS 1.2 on by default, I think there’s precedent for this in
> us adding TLS 1.1 on OpenJDK 6 and I'm of the opinion that secure by default
> outweighs compatible by default


I agree. If there were such a thing as TLS 1.1.1 with just security fixes, that would
be the way to go. The only way to stay secure with reasonable effort is to update to 1.2.

Ivan



> On 19 Aug 2015, at 21:33, Andrew Hughes <gnu.andrew at redhat.com> wrote:
> 
> 
> 
> ----- Original Message -----
>> Hi!
>> 
>> I'm looking into enabling TLS 1.2 by default in OpenJDK 7 as per
>> JDK-7093640 [1]. The reasoning being:
>> 1. we have reports that server admins are starting to disable CBC
>> unless the TLS level is 1.1+ [2]
>> 2. RC4 has been disabled by JDK-8076221 [3] and S8043202
>> (CVE-2015-2808: Prohibit RC4 cipher suites),
>> thus leaving no trusted ciphers for TLS1.0.
>> 
>> [1] https://bugs.openjdk.java.net/browse/JDK-7093640
>> [2] https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1482924
>> [3] https://bugs.openjdk.java.net/browse/JDK-8076221
>> 
>> This requires backporting at least 7093640 from JDK8u. Would such
>> backport be accepted for jdk7u-dev?
>> 
>> Now, would it be acceptable to bring a few more backports? Such as:
>> 7059709: close the IO in a final block
>> 7167092: Need to put the return clause in the synchronized block
>> 8022746: List of spelling errors in API doc
>> 
>> Those cover mostly ProtocolVersion, SSLContextImpl, and SunJSSE in
>> sun/security/ssl.
>> 
>> I can see a lot of other fixes in sun/security/ssl and I wonder if it
>> would be good to bring a few of those in as well. Can someone point
>> out the important ones in case TLS 1.2 is enabled by default? Here is a
>> list of changes that didn't make it into JDK7; I haven't fully checked
>> each one to see if they are JDK8-only stuff, but it might help pick
>> the important ones:
>> 
>> 6956398: make ephemeral DH key match the length of the certificate key
>> 6966259: Make PrincipalName and Realm immutable
>> 7030966: Support AEAD CipherSuites
>> 7059542: JNDI name operations should be locale independent
>> 7063647: To use synchronized map in key manager
>> 7064075: Security libraries don't build with javac
>> -Xlint:all,-deprecation -Werror
>> 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server
>> 7092897: sun.security.util.Cache should be generified
>> 7111548: unexpected debug log message
>> 7145837: a little performance improvement on the usage of SecureRandom
>> 7166487: checkSequenceNumber method never called within readRecord of
>> SSLEngineImpl
>> 7188657: There should be a way to reorder the JSSE ciphers
>> 7188658: Add possibility to disable client initiated renegotiation
>> 7194075: Various classes of sunec.jar are duplicated in rt.jar
>> 8000970: break out auxiliary classes that will prevent multi-core
>> compilation of the JDK
>> 8003951: Removes unused variables in sun.security.ssl
>> 8004019: Removes unused method HandshakeHash.setCertificateVerifyAlg()
>> 8005447: default principal should act as anyone
>> 8005523: Unbound krb5 for TLS
>> 8005535: SSLSessionImpl should have protected finalize()
>> 8009925: Back out AEAD CipherSuites temporarily
>> 8011680: Re-integrate AEAD implementation of JSSE
>> 8017049: rename property jdk.tls.rejectClientInitializedRenego
>> 8019359: To comment why not use no_renegotiation to reject client
>> initiated renegotiation
>> 8023230: The impl of KerberosClientKeyExchange maybe not exist
>> 8025123: SNI support in Kerberos cipher suites
>> 8042449: Issue for negative byte major record version
>> 8044860: Vectors and fixed length fields should be verified for allowed
>> sizes.
>> 8054037: Improve tracing for java.security.debug=certpath
>> 8067694: Improved certification checking
>> 8072385: Only the first DNSName entry is checked for endpoint identification
>> 8074865: General crypto resilience changes
>> 8075040: Need a test to cover FREAK (BugDB 20647631)
>> 8076328: Enforce key exchange constraints
>> 
>> 
>> Best regards,
>> Tiago
>> 
>> --
>> Tiago Stürmer Daitx
>> Software Engineer
>> tiago.daitx at canonical.com
>> 
> 
> Hi Tiago,
> 
> I'm working on getting the 7u85 release into upstream OpenJDK 7u right
> now, but just wanted to let you know that I'd seen this mail. I'll
> go through it in more detail when I've finished with that.
> 
> From a quick glance, there's some stuff that's already on my list that
> we have in IcedTea (8072385 and 6956398 for sure). There's also some
> stuff that initially looks like refactoring/new feature stuff that I don't
> think is appropriate, but I'll have to go through the actual changesets.
> 
> As to TLS 1.2 on by default, I think there's precedent for this in
> us adding TLS 1.1 on OpenJDK 6 and I'm of the opinion that secure by default
> outweighs compatible by default. But I'd appreciate the input of others.
> 
> Thanks,
> -- 
> Andrew :)
> 
> Senior Free Java Software Engineer
> Red Hat, Inc. (http://www.redhat.com)
> 
> PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
> Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
> 
> PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
> Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07
> 
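As an added example (not code from this thread or from OpenJDK itself), the following Java class shows the discussion from an application's side: which protocols the JDK's default SSLContext enables for new client connections, and how a client can force TLS 1.2 with a suite list that drops RC4 outright and prefers AEAD (GCM) suites where the JDK has them, falling back to the remaining CBC suites otherwise (CBC is what the thread's server admins still accept at TLS 1.1+). It uses only public javax.net.ssl APIs present in Java 7; the class name `Tls12Check` and the suite policy in `chooseSuites` are this example's own choices, not anything the thread or JSSE prescribes.

```java
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

/*
 * Added example, not from the jdk7u-dev thread or from OpenJDK: inspect what a
 * JDK's default SSLContext enables, and build a client-side SSLEngine that will
 * only negotiate TLS 1.2 with a filtered cipher-suite list. The class name and
 * the filtering policy are assumptions of this example. Java 7 APIs only.
 */
public class Tls12Check {

    /** Protocols the platform default SSLContext enables for new client connections. */
    static String[] defaultEnabledProtocols() throws NoSuchAlgorithmException {
        return SSLContext.getDefault().getDefaultSSLParameters().getProtocols();
    }

    /** Suites that are weak regardless of protocol version: RC4, single DES,
     *  export-grade, NULL encryption, anonymous key exchange. */
    static boolean isWeakSuite(String suite) {
        return suite.contains("_RC4_") || suite.contains("_DES_")
            || suite.contains("_EXPORT_") || suite.contains("_NULL_")
            || suite.contains("_anon_");
    }

    /**
     * Policy that mirrors the thread's reasoning: never offer RC4 (or the other
     * broken suites); prefer AEAD/GCM suites when the JDK supports them (the
     * 7030966 backport); otherwise keep the remaining CBC suites, which are
     * acceptable once TLS 1.1+ removes the predictable-IV weakness of TLS 1.0.
     * Signalling suite values (e.g. the renegotiation SCSV) are always kept.
     */
    static List<String> chooseSuites(String[] supported) {
        List<String> gcm = new ArrayList<String>();
        List<String> other = new ArrayList<String>();
        for (String s : supported) {
            if (s.endsWith("_SCSV")) { gcm.add(s); other.add(s); continue; }
            if (isWeakSuite(s)) continue;
            if (s.contains("_GCM_")) gcm.add(s); else other.add(s);
        }
        // gcm holds only signalling values if this JDK has no AEAD suites at all
        boolean haveGcm = false;
        for (String s : gcm) if (s.contains("_GCM_")) haveGcm = true;
        return haveGcm ? gcm : other;
    }

    /** Client-side SSLEngine restricted to TLS 1.2 and the chosen suites. */
    static SSLEngine tls12OnlyEngine()
            throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null);   // default key/trust managers and SecureRandom
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);
        engine.setEnabledProtocols(new String[] { "TLSv1.2" });
        List<String> suites = chooseSuites(engine.getSupportedCipherSuites());
        engine.setEnabledCipherSuites(suites.toArray(new String[suites.size()]));
        return engine;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Default enabled protocols: "
            + Arrays.toString(defaultEnabledProtocols()));
        SSLEngine e = tls12OnlyEngine();
        System.out.println("Hardened protocols:        "
            + Arrays.toString(e.getEnabledProtocols()));
        System.out.println("Hardened cipher suites:");
        for (String s : e.getEnabledCipherSuites()) {
            System.out.println("  " + s);
        }
    }
}
```

Compile and run it with `javac Tls12Check.java && java Tls12Check` on each JDK build of interest: whether `TLSv1.2` appears in the default list shows whether the 7093640 default change is present, and whether any `_GCM_` suites print shows whether the AEAD backport is. The trade-off the thread weighs is visible too: an engine pinned to TLS 1.2 this way cannot connect to a server that only speaks TLS 1.0, so an application that pins protocols itself, rather than relying on the JDK default, should know which peers it talks to.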
