RFC7525 mapped to JSSE

Xuelei Fan xuelei.fan at oracle.com
Thu Aug 11 23:48:23 UTC 2016


Thank you, Bernd.

> For Java 8 the EC keySize < 224, can it be added?
It's a plan of mine.

> the fallback signalling cipher (with limited usefulness).
It's a plan of mine, too.  Note that JDK does not support fallback by
default.

DH items:  JDK does not reuse DH exponents and checks the received public
keys.

Thanks,
Xuelei

On 8/12/2016 7:10 AM, Jamil Nimeh wrote:
> Hi Bernd,
> 
> For the status_request_v2 extension, both ocsp and ocsp_multi forms are
> supported, with preference on the latter type.  The only feature we
> currently don't support right now is Responder ID selection,  and that
> will hopefully come in a 9 update.
> 
> --Jamil
> 
> -------- Original message --------
> From: Bernd Eckenfels <ecki at zusammenkunft.net>
> Date: 8/11/16 3:00 PM (GMT-08:00)
> To: security-dev at openjdk.java.net
> Subject: Re: RFC7525 mapped to JSSE
> 
> Hello,
> 
> thank you Xuelei and Jamil. I updated the sheet and added an actual
> column for Java 9. There are still some todos left (mostly for digging
> up the details), but it starts to look complete now.
> 
> There are only two real non-compliances (for Java 9), that is the
> support for HSTS in client code (not related to JSSE) and the fallback
> signalling cipher (with limited usefulness).
> 
> For Java 8 the EC keySize < 224, can it be added?
> 
> For OCSP, the status_request(_v2), does it also support the multi
> certificate variant?
> 
> https://docs.google.com/spreadsheets/d/135Eqf3RCpYLcmVHOIPb_Q7pzFde9yqJI_oD2jvpnKPE
> 
> Gruss
> Bernd
> 
> 
> Am Mon, 8 Aug 2016 08:57:29 +0800
> schrieb Xuelei Fan <xuelei.fan at oracle.com>:
> 
>> Hi Bernd,
>>
>> Thanks for the summary of the compliance.  The following comments are
>> mainly about the items marked with "TODO" or "???".
>>
>> JDK 9 will support DTLS 1.0/1.2 and OCSP stapling (both RFC 6066 and
>> RFC 6961).
>>
>> The server preference of cipher suites can be configurable.
>>
>> JDK uses uncompressed EC point format only.
>>
>> JDK does not use EC curves < 224 bits for EC key exchange, default
>> 256+ bits.
>>
>> For TLS 1.2, SHA2 is requested in the signature algorithm extension.
>>
>> JDK does not implement the truncated HMAC extension.
>>
>> JDK supports hostname verification APIs for HTTPS, and supports
>> hostname verification during handshaking for HTTPS and LDAP.
>>
>> JDK tests the DH public keys.
>>
>> Thanks & Regards,
>> Xuelei
>>
>> On 8/2/2016 6:13 AM, Bernd Eckenfels wrote:
>> > Hello,
>> >
>> > because I was asked by a customer I started to map the RFC7525
>> >
>> > https://tools.ietf.org/html/rfc7525
>> >
>> > recommendations for TLS to JSSE implementation.
>> >
>> >
>> > It is not complete yet but I think I at least have extracted all
>> > "normative" requirements from the RFC into this table:
>> >
>> >
>> > https://docs.google.com/spreadsheets/d/135Eqf3RCpYLcmVHOIPb_Q7pzFde9yqJI_oD2jvpnKPE
>> >
>> > would like to get your feedback.
>> >
>> > Gruss
>> > Bernd
>> >
>>
> 
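The thread above maps RFC 7525 recommendations onto JSSE knobs (TLS 1.2 only, server-side cipher suite preference, hostname verification during the handshake, OCSP stapling, DH key size). The following is an added example, not code from the thread or from the JDK, showing how a client or server would apply those settings through the standard SSLParameters API and the JDK system properties. The preferred suite list and the host "example.com" are constructed assumptions; the system properties are the documented JDK 8/9 ones.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.util.Arrays;
import java.util.List;

public final class Rfc7525Jsse {
    // RFC 7525 section 4.2: forward-secret AEAD suites; a constructed preference order.
    private static final List<String> PREFERRED_SUITES = Arrays.asList(
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384");

    // Build client parameters: TLS 1.2 only, preferred suites the runtime supports,
    // and hostname verification performed by JSSE during the handshake (section 6.1).
    public static SSLParameters clientParameters(SSLParameters supported) {
        SSLParameters p = new SSLParameters();
        p.setProtocols(new String[] {"TLSv1.2"});
        List<String> available = Arrays.asList(supported.getCipherSuites());
        p.setCipherSuites(PREFERRED_SUITES.stream()
            .filter(available::contains).toArray(String[]::new));
        p.setEndpointIdentificationAlgorithm("HTTPS");
        return p;
    }

    // Server side adds the "server preference" knob mentioned in the thread.
    public static SSLParameters serverParameters(SSLParameters supported) {
        SSLParameters p = clientParameters(supported);
        p.setUseCipherSuitesOrder(true);
        return p;
    }

    public static void main(String[] args) throws Exception {
        // RFC 7525 section 4.3: ephemeral DH of at least 2048 bits (JDK 8+ property).
        System.setProperty("jdk.tls.ephemeralDHKeySize", "2048");
        // JDK 9 OCSP stapling: request status_request/status_request_v2 on the client.
        System.setProperty("jdk.tls.client.enableStatusRequestExtension", "true");
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // default key/trust managers
        SSLSocketFactory factory = ctx.getSocketFactory();
        try (SSLSocket s = (SSLSocket) factory.createSocket("example.com", 443)) {
            s.setSSLParameters(clientParameters(ctx.getSupportedSSLParameters()));
            s.startHandshake(); // fails if the name in the certificate does not match
            System.out.println(s.getSession().getProtocol() + " "
                + s.getSession().getCipherSuite());
        }
    }
}
```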