JEP 329: ChaCha20 and Poly1305 Cryptographic Algorithms
Jamil Nimeh
jamil.j.nimeh at oracle.com
Fri Mar 23 22:32:00 UTC 2018
Hi Thomas,

The TLS cipher suites have been decoupled from the ChaCha20/Poly1305 JEP
because of the changes in the new handshake design [1] for our JSSE
provider. From a programmatic/schedule perspective, it made more sense
to get the algorithms in ahead of the TLS cipher suites and then add the
cipher suites once the handshaking code is a bit farther along in its
implementation.

With respect to a pluggable interface for TLS cipher suites and hello
extensions, this is an area we have done some investigation on in the
past, but haven't seriously pursued it due to other features taking a
higher priority in each release. It is certainly a topic that we can
discuss on the alias in terms of how one would go about doing it.

It appears that you've signed an OCA (Oracle Contributor Agreement) but
I would probably start with discussions on designing APIs for plugging
in extensions and/or cipher suites before we start looking at code.
Your thoughts on the design for these features would be welcome.

[1] http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.01/

--Jamil

On 3/22/2018 3:26 PM, Thomas Lußnig wrote:
> Hi,
>
> Is there any reason that the cipher and the TLS inclusion are split
> into two separate JEPs?
> And the second question is why is there no way for users to add new
> cipher suites that can
> be used in the TLS protocol? Since I extend JDK8 with ChaCha for TLS, I
> know that it would be
> no big issue to add an API that allows adding new CipherSuites. This
> would be a great improvement
> if the TLS-Protocol and the CIPHER-Implementation are more loosely coupled.
> Also a plugin system for TLS-Hello Extensions would be great.
>
> Regards, Thomas
>
> On 3/22/2018 10:19 PM, mark.reinhold at oracle.com wrote:
>> New JEP Candidate: http://openjdk.java.net/jeps/329
>>
>> - Mark