[security-dev 00056]: Re: State of TLS 1.1 implementation
Andrew Fan
andrew.fan at sun.com
Tue Jan 29 03:17:19 UTC 2008
Christian Uebber wrote:
> The SunJSSE of CBC mode is insecure against chosen plaintext attacks
> (as all TLS 1.0 implemetations). What's the state of TLS 1.1 support
> for (Open)JDK 7?
>
We plan support TLS1.1 for JDK 7, the implementation is in progress.
Andrew
> TLS 1.1 adds explicit IVs, which is a viable fix for the vulnerability
> and also removes inter-record dependency. The latter is needed by DTLS
> for loss insensitive messaging.
More information about the security-dev
mailing list