Code Review Request JDK-8046294 Generate the 4-byte timestamp randomly
Xuelei Fan
xuelei.fan at oracle.com
Mon May 23 03:36:51 UTC 2016
Hi,
Please review the update of SunJSSE provider in JDK 9:
http://cr.openjdk.java.net/~xuelei/8046294/webrev/
In TLS 1.2 and previous protocols, the client and server random value
are defined as:
struct {
uint32 gmt_unix_time;
opaque random_bytes[28];
} Random;
NIST SP 800-52 is suggesting to replace gmt_unix_time with random
values. In TLS 1.3, the value will be updated to:
struct {
opaque random_bytes[32];
} Random;
The 4-byte timestamp will not be used any more.
Per the NIST recommendation, this update will replace timestamp with
random values. Considering the coming update of TLS 1.3, the
compatibility impact should be minimal.
Thanks,
Xuelei
More information about the security-dev
mailing list