AnsweredAssumed Answered

Handshake simulation for Java Clients

Question asked by brihow on Dec 18, 2017
Latest reply on Dec 19, 2017 by Bhushan Lokhande

Currently the baseline versions of Java Clients included in the Handshake simulation is very old, and may give sites an incorrect assessment of what protocols are required to support clients.  This could lead sites to retain RSA key exchange and 3DES longer than actually necessary.  I would suggest a good "Crypto baseline" for Java to be the January, 2017 release.


2017-01-17 - 8u121 b13, 7u131 b12, 6u141 b12, R28.3.13


* For TLS, 3DES has been added to the jdk.tls.legacyAlgorithms security property. 3DES cipher suites will be used only if no stronger candidates can be used.
* Added support for the SHA224withDSA and SHA256withDSA signature algorithms.
* Increased the maximum key length for DSA to 2048 bits Maximum key length for DSA increased to 2048 bits.
* For TLS, disabled EC for keys of less than 256 bits. Elsewhere, disabled EC certificates with keys less than 224 bits.
* Increased the minimum key length for DSA certificates to 1024 bits.
* Added TLS 1.1 and 1.2 to the client list of default-enabled protocols.


2016-04-29 6u115 b32

* TLS 1.2 Added support for TLS 1.2 to JDK 6.

2016-01-19 6u111 b12 TLS 1.11

* Added support for TLS 1.1 to JDK 6.


Java Crypto Roadmap
Java Crypto Config