Code Review Request, JDK-8140436, Support the FFDHE TLS extension
Xuelei Fan
xuelei.fan at oracle.com
Thu Apr 13 18:15:04 UTC 2017
Hi,
Please review the enhancement to support Finite Field Diffie-Hellman
Ephemeral (FFDHE) parameter negotiation in the SSL/TLS/DTLS implementation.
http://cr.openjdk.java.net/~xuelei/8140436/webrev.00/
Updates:
1. Support predefined FFDHE parameters.
JDK will support the following FFDHE parameters defined in RFC 7919, in
preference order:
name        | key size (bits)
------------+----------------
ffdhe2048   | 2048
------------+----------------
ffdhe3072   | 3072
------------+----------------
ffdhe4096   | 4096
------------+----------------
ffdhe6144   | 6144
------------+----------------
ffdhe8192   | 8192
------------+----------------
2. Define a new System Property so as to disable the FFDHE mechanism
For RFC 7919 compatible clients, the predefined FFDHE parameter names are
present in the "supported_groups" TLS extension. Some servers may not be
able to handle this extension or the FFDHE groups in the extension. If
there is an interop issue, the newly defined System Property,
"jsse.enableFFDHE", can be used to dismiss the predefined FFDHE
parameters for DHE cipher suites.
3. Redefine the jdk.tls.ephemeralDHKeySize System Property.
For connection requests from RFC 7919 compatible clients, the server
would prefer to use the FFDHE mechanism first unless
"jdk.tls.ephemeralDHKeySize" is defined to use "legacy" mode for
compatibility reasons.
jdk.tls.ephemeralDHKeySize | FFDHE                | Server behavior
---------------------------+----------------------+-----------------------
"legacy"                   | in any case          | Use legacy mode.
---------------------------+----------------------+-----------------------
not "legacy"               | Not present in the   | Use DHE parameters
                           | ClientHello message  | compatible with the
                           |                      | System Property.
---------------------------+----------------------+-----------------------
not "legacy"               | Present in the       | Use the FFDHE
                           | ClientHello message  | defined parameters.
Note: Exportable cipher suites do not use the FFDHE mechanism.
4. Extend the "jdk.tls.namedGroups" System Property
Extend the "jdk.tls.namedGroups" System Property to support customized
FFDHE groups. The following names are now supported by the System Property.
Names for named group   | For EC or DH  | Is it new in the update?
------------------------+---------------+-------------------------
secp256r1               | ECDHE         | No
------------------------+---------------+-------------------------
secp384r1               | ECDHE         | No
------------------------+---------------+-------------------------
secp521r1               | ECDHE         | No
------------------------+---------------+-------------------------
sect283k1               | ECDHE         | No
------------------------+---------------+-------------------------
sect283r1               | ECDHE         | No
------------------------+---------------+-------------------------
sect409k1               | ECDHE         | No
------------------------+---------------+-------------------------
sect409r1               | ECDHE         | No
------------------------+---------------+-------------------------
sect571k1               | ECDHE         | No
------------------------+---------------+-------------------------
sect571r1               | ECDHE         | No
------------------------+---------------+-------------------------
ffdhe2048               | FFDHE         | Yes
------------------------+---------------+-------------------------
ffdhe3072               | FFDHE         | Yes
------------------------+---------------+-------------------------
ffdhe4096               | FFDHE         | Yes
------------------------+---------------+-------------------------
ffdhe6144               | FFDHE         | Yes
------------------------+---------------+-------------------------
ffdhe8192               | FFDHE         | Yes
------------------------+---------------+-------------------------
Thanks,
Xuelei
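The following is an added illustration, not code from the webrev or from the JDK: a small Python model of the negotiation described in items 2 through 4 above. It encodes the "supported_groups" extension a client sends (with the NamedGroup code points from RFC 4492 for the EC curves and RFC 7919 for the FFDHE groups), parses it back, and applies the server behavior table from item 3 for a DHE cipher suite. The names `client_supported_groups`, `decode_supported_groups` and `choose_dhe_parameters` are hypothetical; the post does not say whether the server or the client preference order wins when several FFDHE groups are offered, so this model assumes the server's own preference order (ffdhe2048 first), and the non-legacy, non-FFDHE branch simply reports the configured "jdk.tls.ephemeralDHKeySize" value rather than generating DH parameters.

```python
import struct

# NamedGroup code points: EC curves from RFC 4492, FFDHE groups from RFC 7919.
NAMED_GROUPS = {
    "sect283k1": 9, "sect283r1": 10, "sect409k1": 11, "sect409r1": 12,
    "sect571k1": 13, "sect571r1": 14,
    "secp256r1": 23, "secp384r1": 24, "secp521r1": 25,
    "ffdhe2048": 256, "ffdhe3072": 257, "ffdhe4096": 258,
    "ffdhe6144": 259, "ffdhe8192": 260,
}
CODE_TO_NAME = {code: name for name, code in NAMED_GROUPS.items()}

# Predefined FFDHE groups in the server preference order given in the post.
FFDHE_PREFERENCE = ["ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144", "ffdhe8192"]

# ExtensionType value of "supported_groups" (formerly "elliptic_curves").
SUPPORTED_GROUPS_EXT_TYPE = 10


def client_supported_groups(named_groups, enable_ffdhe=True):
    """Build the supported_groups extension a client puts in its ClientHello.
    named_groups models jdk.tls.namedGroups; enable_ffdhe=False models
    jsse.enableFFDHE=false, which drops the ffdhe* entries so that a server
    unable to handle them never sees them."""
    names = [n for n in named_groups if enable_ffdhe or not n.startswith("ffdhe")]
    codes = b"".join(struct.pack("!H", NAMED_GROUPS[n]) for n in names)
    body = struct.pack("!H", len(codes)) + codes          # NamedGroupList<2..2^16-1>
    return struct.pack("!HH", SUPPORTED_GROUPS_EXT_TYPE, len(body)) + body


def decode_supported_groups(ext):
    """Parse an encoded supported_groups extension into group names.
    Unknown code points are kept as 'unknown(N)' instead of being dropped,
    so a server can log what a peer offered."""
    ext_type, ext_len = struct.unpack("!HH", ext[:4])
    if ext_type != SUPPORTED_GROUPS_EXT_TYPE or ext_len != len(ext) - 4:
        raise ValueError("not a well-formed supported_groups extension")
    (list_len,) = struct.unpack("!H", ext[4:6])
    if list_len != ext_len - 2 or list_len % 2:
        raise ValueError("bad NamedGroupList length")
    codes = struct.unpack("!%dH" % (list_len // 2), ext[6:])
    return [CODE_TO_NAME.get(c, "unknown(%d)" % c) for c in codes]


def choose_dhe_parameters(client_groups, ephemeral_dh_key_size="2048",
                          server_named_groups=None, exportable=False):
    """Server-side decision table from item 3 for a DHE cipher suite.
    Returns ("legacy", None), ("dhe", <ephemeralDHKeySize value>) or
    ("ffdhe", <group name>). Exportable suites never use FFDHE (item 3 note)."""
    if exportable or ephemeral_dh_key_size == "legacy":
        return ("legacy", None)
    enabled = set(FFDHE_PREFERENCE if server_named_groups is None else server_named_groups)
    offered = set(client_groups)
    # Assumption: the server's own preference order (ffdhe2048 first) governs.
    for group in FFDHE_PREFERENCE:
        if group in offered and group in enabled:
            return ("ffdhe", group)
    # No usable FFDHE group in the ClientHello: fall back to the DHE parameters
    # selected by jdk.tls.ephemeralDHKeySize.
    return ("dhe", ephemeral_dh_key_size)


if __name__ == "__main__":
    # Constructed sample: an RFC 7919 aware client offering one curve and two FFDHE groups.
    hello_ext = client_supported_groups(["secp256r1", "ffdhe3072", "ffdhe2048"])
    print(hello_ext.hex())
    offered = decode_supported_groups(hello_ext)
    print(offered, "->", choose_dhe_parameters(offered))
    print(offered, "->", choose_dhe_parameters(offered, ephemeral_dh_key_size="legacy"))
```

Running the block shows the extension bytes, then the three outcomes from the table: an FFDHE group chosen when one is offered and "legacy" mode taking precedence whenever "jdk.tls.ephemeralDHKeySize" is set to "legacy".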
More information about the security-dev mailing list