[security-dev 00055]: State of TLS 1.1 implementation

Christian Uebber briefkasten at uebber.de
Mon Jan 28 16:48:16 PST 2008

The SunJSSE of CBC mode is insecure against chosen plaintext attacks
(as all TLS 1.0 implementations). What's the state of TLS 1.1 support
for (Open)JDK 7?

TLS 1.1 adds explicit IVs, which is a viable fix for the vulnerability
and also removes inter-record dependency. The latter is needed by DTLS
for loss-insensitive messaging.
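
Added example, not part of the original post and not SunJSSE or OpenJDK code: a Go sketch of the inter-record dependency the message describes, comparing TLS 1.0 style chained CBC IVs with TLS 1.1 style explicit IVs when a record is lost. Assumptions: AES-128-CBC with block-aligned payloads, no MAC or padding, a constructed key and all-zero first IV, and the hypothetical helper names `cbc`, `sealExplicit` and `lossDemo`.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const bs = aes.BlockSize
// cbc runs AES-CBC over block-aligned data (MAC and padding left out of this sketch).
func cbc(key, iv, in []byte, enc bool) []byte {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	if enc {
		cipher.NewCBCEncrypter(blk, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(blk, iv).CryptBlocks(out, in)
	}
	return out
}

// sealExplicit is the TLS 1.1 shape: a fresh random IV travels in front of the record.
func sealExplicit(key, p []byte) []byte {
	iv := make([]byte, bs)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	return append(iv, cbc(key, iv, p, true)...)
}

// lossDemo drops the middle of three records; does the last one still decrypt?
func lossDemo() (chainedOK, explicitOK bool) {
	key, r2 := bytes.Repeat([]byte{0x42}, 16), []byte("record-2 payload") // constructed
	// TLS 1.0: each record's IV is the last ciphertext block of the previous record.
	c0 := cbc(key, make([]byte, bs), []byte("record-0 payload"), true) // constructed first IV
	c1 := cbc(key, c0[len(c0)-bs:], []byte("record-1 payload"), true)
	c2 := cbc(key, c1[len(c1)-bs:], r2, true)
	// c1 never arrives, so the receiver's running IV is still the tail of c0.
	chainedOK = bytes.Equal(cbc(key, c0[len(c0)-bs:], c2, false), r2)
	e2 := sealExplicit(key, r2) // self-contained: earlier losses do not matter
	return chainedOK, bytes.Equal(cbc(key, e2[:bs], e2[bs:], false), r2)
}

func main() { fmt.Println(lossDemo()) }
```

With chained IVs the record after the gap decrypts to garbage because the receiver's IV state is stale; with explicit IVs it decrypts correctly, which is the property DTLS relies on.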

