Support for TLS 1.1 & 1.2

martin.corr at bt.com martin.corr at bt.com
Thu Dec 23 07:21:14 PST 2010


Brad,

Has there been any move to support TLS in oracle JRE? In terms of the continued use of SHA-1, here is a useful site that summarises various recommendations and most state that SHA-1 should be phased out now.

http://www.keylength.com/en/3/

I can see that openjdk now includes TLS 1.2 which is great. We are looking to replace all use of SHA-1 but use the standard JRE not openjdk.

Regards,
Martin

-----Original Message-----
From: security-dev-bounces at openjdk.java.net [mailto:security-dev-bounces at openjdk.java.net] On Behalf Of Bradford Wetmore
Sent: 20 April 2010 22:49
To: Christopher Wood ( Ottawa ); 'security-dev at openjdk.java.net'; briefkasten at uebber.de
Subject: Re: Support for TLS 1.1 & 1.2


Christian/Christopher and any others,

On 1/7/2010 8:47 AM, Christopher Wood ( Ottawa ) wrote:

> 1. In a previous email (January 2008) 

...referring to Christian's email...
http://mail.openjdk.java.net/pipermail/security-dev/2008-January/000054.html

> asked about support for
> TLS 1.1.  The reply indicated that it was planned for J2SE 7 and that
> the implementation was in progress; is that still the case?

We had made some progress, but some higher-priority issues came up and
it got back-burnered.

> 2. Are there any plans to support TLS 1.2?  If so, in what release and
> timeframe?

With all the transitions going on around here, we're now regrouping on
the question of *BOTH* TLS 1.1 and 1.2 support.  We're going to be
re-proposing TLS 1.1/1.2 for a future JDK release.  We've been pulling
together our own reasons, but having actual customer feedback will help
our case for completing this work.  Any information you can supply about
your needs may be added to our proposal.  Feel free to reply directly to
me if you'd rather not discuss your needs in a public forum.

Thanks,
Brad




More information about the security-dev mailing list