Code Review Request JDK-8046294 Generate the 4-byte timestamp randomly

Wang Weijun weijun.wang at oracle.com
Mon May 23 06:26:48 UTC 2016


Code change looks good.

Thanks
Max

> On May 23, 2016, at 11:36 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
> 
> Hi,
> 
> Please review the update of SunJSSE provider in JDK 9:
> 
>   http://cr.openjdk.java.net/~xuelei/8046294/webrev/
> 
> In TLS 1.2 and previous protocols, the client and server random value
> are defined as:
> 
>   struct {
>       uint32 gmt_unix_time;
>       opaque random_bytes[28];
>   } Random;
> 
> NIST SP 800-52 is suggesting to replace gmt_unix_time with random
> values. In TLS 1.3, the value will be updated to:
> 
>   struct {
>       opaque random_bytes[32];
>   } Random;
> 
> The 4-byte timestamp will not be used any more.
> 
> Per the NIST recommendation, this update will replace timestamp with
> random values.  Considering the coming update of TLS 1.3, the
> compatibility impact should be minimal.
> 
> Thanks,
> Xuelei




More information about the security-dev mailing list