With the General Availability release of Java 9 scheduled for today, I thought it would be appropriate to go over the new features that pertain to security.
Implement HTTP/2 Client
Implementation of an HTTP/2 client in the standard Java SDK. JEP 110
SHA-3 Hash Algorithms
Implements the SHA-3 cryptographic hash functions defined by NIST FIPS 202: SHA3-224, SHA3-256, SHA3-384, and SHA3-512. JEP 287
Improve Secure Application Performance
Improves performance of applications that run with a SecurityManager enabled. JEP 232
Disable SHA-1 Certificates
Allows you to disable X.509 certificate chains with SHA-1 based signatures (e.g. TLS / HTTPS). JEP 288
TLS Application-Layer Protocol Negotiation Extension (ALPN)
Implements the ALPN TLS extension, needed for HTTP/2. JEP 244
Create PKCS12 Keystores by Default
Instead of the proprietary JKS format, use standard PKCS12 format. JEP 229
OCSP Stapling for TLS
Implements OCSP stapling via TLS Certificate Status Request Extension and Multiple Certificate Status Request Extension. JEP 249
Leverage CPU Instructions for GHASH and RSA
Improves performance by leveraging CPU instructions. JEP 246
DRBG-Based SecureRandom Implementations
Implements Deterministic Random Bit Generator defined in NIST 800-90Ar1. JEP 273
Filter incoming serialization data
Allows filtering of incoming streams of object-serialization data. JEP 290
Datagram Transport Layer Security (DTLS) API
Defines an API for working with DTLS (RFC 4347). JEP 219
Overall some nice security improvements to look forward to.