Code Review Request JDK-8046294 Generate the 4-byte timestamp randomly

Xuelei Fan xuelei.fan at oracle.com
Mon May 23 03:36:51 UTC 2016


Hi,

Please review the update of SunJSSE provider in JDK 9:

   http://cr.openjdk.java.net/~xuelei/8046294/webrev/

In TLS 1.2 and previous protocols, the client and server random value
are defined as:

   struct {
       uint32 gmt_unix_time;
       opaque random_bytes[28];
   } Random;

NIST SP 800-52 is suggesting to replace gmt_unix_time with random
values. In TLS 1.3, the value will be updated to:

   struct {
       opaque random_bytes[32];
   } Random;

The 4-byte timestamp will not be used any more.

Per the NIST recommendation, this update will replace timestamp with
random values.  Considering the coming update of TLS 1.3, the
compatibility impact should be minimal.

Thanks,
Xuelei



More information about the security-dev mailing list