[security-dev 00056]: Re: State of TLS 1.1 implementation

Andrew Fan andrew.fan at sun.com
Mon Jan 28 19:17:19 PST 2008


Christian Uebber wrote:
> The SunJSSE of CBC mode is insecure against chosen plaintext attacks 
> (as all TLS 1.0 implementations). What's the state of TLS 1.1 support 
> for (Open)JDK 7?
>
We plan to support TLS 1.1 for JDK 7; the implementation is in progress.

Andrew
> TLS 1.1 adds explicit IVs, which is a viable fix for the vulnerability 
> and also removes inter-record dependency. The latter is needed by DTLS 
> for loss insensitive messaging.
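
Added example, not part of either message and not SunJSSE code: a sketch of the inter-record dependency described above, comparing TLS 1.0-style chained IVs with TLS 1.1-style explicit IVs under AES-CBC. The function names, key, initial IV and payloads are constructed for illustration, and the MAC and padding of real TLS records are omitted.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)
const bs = aes.BlockSize
// sealChained: TLS 1.0 style, each record's IV is the previous record's last ciphertext block.
func sealChained(b cipher.Block, iv []byte, recs [][]byte) [][]byte {
	out := make([][]byte, len(recs))
	for i, p := range recs {
		out[i] = make([]byte, len(p))
		cipher.NewCBCEncrypter(b, iv).CryptBlocks(out[i], p)
		iv = out[i][len(p)-bs:] // visible on the wire before the next record is built
	}
	return out
}
// sealExplicit: TLS 1.1 style, a fresh random IV is carried at the front of every record.
func sealExplicit(b cipher.Block, recs [][]byte) [][]byte {
	out := make([][]byte, len(recs))
	for i, p := range recs {
		out[i] = make([]byte, bs+len(p))
		if _, err := rand.Read(out[i][:bs]); err != nil {
			panic(err)
		}
		cipher.NewCBCEncrypter(b, out[i][:bs]).CryptBlocks(out[i][bs:], p)
	}
	return out
}
// open decrypts one block-aligned CBC record body under the given IV.
func open(b cipher.Block, iv, ct []byte) []byte {
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(b, iv).CryptBlocks(pt, ct)
	return pt
}
// lossDemo: the receiver never sees record 0 and tries to read record 1 in both schemes.
func lossDemo() (chainedOK, explicitOK bool) {
	b, _ := aes.NewCipher(bytes.Repeat([]byte{0x42}, 16)) // constructed key
	recs := [][]byte{[]byte("record-0 payload"), []byte("record-1 payload")}
	iv0 := make([]byte, bs) // constructed initial IV, the only IV state the receiver has
	c, e := sealChained(b, iv0, recs), sealExplicit(b, recs)
	chainedOK = bytes.Equal(open(b, iv0, c[1]), recs[1])
	explicitOK = bytes.Equal(open(b, e[1][:bs], e[1][bs:]), recs[1])
	return
}
func main() { fmt.Println(lossDemo()) }
```

With chained IVs the lost record takes the next record's IV with it, so record 1 does not decrypt; with explicit IVs each record is self-contained, which is the property DTLS relies on.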



