Java 9 Security Enhancements
With the General Availability release of Java 9 scheduled for today, I thought it would be appropriate to go over the new features that pertain to security.
Implement HTTP/2 Client
Implementation of an HTTP/2 client in the standard Java SDK. JEP 110
SHA-3 Hash Algorithms
Implements the SHA-3 cryptographic hash functions defined by NIST FIPS 202:
SHA3-512. JEP 287
Improve Secure Application Performance
Improves performance of applications that run with a SecurityManager enabled. JEP 232
Disable SHA-1 Certificates
Allows you to disable X.509 certificate chains with SHA-1-based signatures (e.g. TLS / HTTPS). JEP 288
TLS Application-Layer Protocol Negotiation Extension (ALPN)
Implements the ALPN TLS extension, needed for HTTP/2. JEP 244
Create PKCS12 Keystores by Default
Instead of the proprietary JKS format, use standard PKCS12 format. JEP 229
OCSP Stapling for TLS
Implements OCSP stapling via the TLS Certificate Status Request Extension and the Multiple Certificate Status Request Extension. JEP 249
Leverage CPU Instructions for GHASH and RSA
Improves performance by leveraging CPU instructions. JEP 246
DRBG-Based SecureRandom Implementations
Implements the Deterministic Random Bit Generator defined in NIST 800-90Ar1. JEP 273
Filter incoming serialization data
Allows filtering of incoming streams of object-serialization data. JEP 290
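As an added example (not code from the original post), here is a per-stream allowlist filter using the java.io.ObjectInputFilter API that JEP 290 introduced. The class names SerialFilterDemo and Unexpected, the sample objects and the limit values are constructed for illustration.

```java
import java.io.*;
import java.util.ArrayList;

public class SerialFilterDemo {
    // Constructed sample type that the application does not expect to receive.
    static class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Deserialize with an allowlist: resource limits first, then the permitted
    // classes, then "!*" so that every class not listed is rejected.
    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
            "maxdepth=5;maxrefs=100;maxbytes=4096;maxarray=64;"
            + "java.util.ArrayList;java.lang.*;!*");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(filter); // must be set before the first read
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        ArrayList<String> expected = new ArrayList<>();
        expected.add("hello");
        System.out.println("allowed: " + readFiltered(serialize(expected)));

        try {
            readFiltered(serialize(new Unexpected()));
        } catch (InvalidClassException e) {
            // The stream is rejected before the class is instantiated.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same pattern string can be applied process-wide through the jdk.serialFilter system property.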
Datagram Transport Layer Security (DTLS) API
Defines an API for working with DTLS (RFC 4347). JEP 219
Overall, some nice security improvements to look forward to.
Java 9 Security Enhancements was first published on September 21, 2017.