RFR: 8283795: Add TLSv1.3 and CNSA 1.0 algorithms to implementation requirements
Sean Mullan
mullan at openjdk.org
Thu Jan 2 14:53:02 UTC 2025
Periodically, we review the security algorithm requirements to see if new algorithms should be added or existing ones should be removed. The requirements are intended to improve interoperability across different SE implementations by requiring a set of commonly used algorithms. The algorithms are not always based on the strength of the algorithm; the requirements are also based on how common the algorithms are, so some weaker algorithms are still on the list in order to support legacy use cases.
Add TLSv1.3 to the list of requirements. TLSv1.3 is the most secure protocol version and is in wide use. Add all cryptographic algorithms that are needed to implement the TLSv1.3 cipher suites and signature mechanisms defined by https://www.rfc-editor.org/rfc/rfc8446 as MUST or SHOULD requirements. Also add algorithms that are required by CNSA 1.0, which was added in JDK 19: https://bugs.openjdk.org/browse/JDK-8267319.
No required algorithms or protocols are being removed at this time.
See the CSR for the complete list of new requirements: https://bugs.openjdk.org/browse/JDK-8346684
-------------
Commit messages:
- Merge
- New requirements.
Changes: https://git.openjdk.org/jdk/pull/22904/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=22904&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8283795
Stats: 43 lines in 9 files changed: 29 ins; 0 del; 14 mod
Patch: https://git.openjdk.org/jdk/pull/22904.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/22904/head:pull/22904
PR: https://git.openjdk.org/jdk/pull/22904
More information about the net-dev
mailing list