[security-dev 00055]: State of TLS 1.1 implementation

Christian Uebber briefkasten at uebber.de
Tue Jan 29 00:48:16 UTC 2008


The SunJSSE of CBC mode is insecure against chosen plaintext attacks
(as all TLS 1.0 implementations). What's the state of TLS 1.1 support
for (Open)JDK 7?

TLS 1.1 adds explicit IVs, which is a viable fix for the vulnerability  
and also removes inter-record dependency. The latter is needed by DTLS  
for loss insensitive messaging.
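
The inter-record dependency described in the message above, as an added example that is not part of the original post and not SunJSSE code: it encrypts two records with a TLS 1.0 style chained IV and with a TLS 1.1 style explicit IV, then decrypts the second record as a receiver that never saw the first. The class name, the all-zero key and initial IV, and the sample records are constructed for illustration; the record MAC and padding are omitted.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added illustration of CBC IV handling only; the record MAC and padding are omitted.
public class CbcRecordIv {
    static final int BLOCK = 16;
    static final SecretKeySpec KEY = new SecretKeySpec(new byte[16], "AES"); // constructed demo key

    static byte[] cbc(int mode, byte[] iv, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
        c.init(mode, KEY, new IvParameterSpec(iv));
        return c.doFinal(data);
    }

    static byte[] lastBlock(byte[] ct) {
        return Arrays.copyOfRange(ct, ct.length - BLOCK, ct.length);
    }

    // TLS 1.1 style: a fresh random IV travels at the front of every record.
    static byte[] sealExplicit(byte[] record) throws Exception {
        byte[] wire = new byte[BLOCK + record.length];
        byte[] iv = new byte[BLOCK];
        new SecureRandom().nextBytes(iv);
        System.arraycopy(iv, 0, wire, 0, BLOCK);
        System.arraycopy(cbc(Cipher.ENCRYPT_MODE, iv, record), 0, wire, BLOCK, record.length);
        return wire;
    }

    static byte[] openExplicit(byte[] wire) throws Exception {
        return cbc(Cipher.DECRYPT_MODE, Arrays.copyOf(wire, BLOCK),
                   Arrays.copyOfRange(wire, BLOCK, wire.length));
    }

    public static void main(String[] args) throws Exception {
        byte[] rec1 = "record one.....!".getBytes("US-ASCII"); // constructed, 16 bytes each
        byte[] rec2 = "record two.....!".getBytes("US-ASCII");
        byte[] iv0 = new byte[BLOCK];                          // constructed initial IV
        // TLS 1.0 style: record 2 is encrypted under the last ciphertext block of record 1.
        byte[] ct1 = cbc(Cipher.ENCRYPT_MODE, iv0, rec1);
        byte[] ct2 = cbc(Cipher.ENCRYPT_MODE, lastBlock(ct1), rec2);
        byte[] inOrder = cbc(Cipher.DECRYPT_MODE, lastBlock(ct1), ct2);
        byte[] afterLoss = cbc(Cipher.DECRYPT_MODE, iv0, ct2); // ct1 never arrived
        System.out.println("chained IV, in order:     " + Arrays.equals(inOrder, rec2));
        System.out.println("chained IV, record lost:  " + Arrays.equals(afterLoss, rec2));
        System.out.println("explicit IV, record lost: " + Arrays.equals(openExplicit(sealExplicit(rec2)), rec2));
    }
}
```

With the chained IV, the value that will protect record 2 is the tail of record 1's ciphertext, so it is visible on the wire before record 2 is encrypted and is unavailable to a receiver that lost record 1; the explicit IV removes both properties.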


