Re: Support for TLS 1.1 & 1.2

Thu, 23 Dec 2010 18:47:49 -0800 


On 12/23/2010 7:21 AM, martin.c...@bt.com wrote:

Brad,

Has there been any move to support TLS in oracle JRE?



I'm a little confused by the question, or maybe the confusion lies in 
how the OpenJDK 7 is part of OracleJDK.  We take the OpenJDK 7 source 
and make some modificiations (adding in some closed code, replacing bits 
here/there, etc.).  So Oracle JDK 7 has had TLS 1.2 since mid-November, 
b114 if I'm reading the logs right.



In terms of the continued use of SHA-1, here is a useful site that

> summarises various recommendations and most state that SHA-1
> should be phased out now.


SHA-1 can still be used as the basis of MACs which is where it's used a 
lot in TLS.  It's SHA-1 by itself that is of concern.


Brad



http://www.keylength.com/en/3/

I can see that openjdk now includes TLS 1.2 which is great. We are looking to 
replace all use of SHA-1 but use the standard JRE not openjdk.

Regards,
Martin

-----Original Message-----
From: security-dev-boun...@openjdk.java.net 
[mailto:security-dev-boun...@openjdk.java.net] On Behalf Of Bradford Wetmore
Sent: 20 April 2010 22:49
To: Christopher Wood ( Ottawa ); 'security-dev@openjdk.java.net'; 
briefkas...@uebber.de
Subject: Re: Support for TLS 1.1&  1.2


Christian/Christopher and any others,

On 1/7/2010 8:47 AM, Christopher Wood ( Ottawa ) wrote:


1. In a previous email (January 2008)


...referring to Christian's email...
http://mail.openjdk.java.net/pipermail/security-dev/2008-January/000054.html


asked about support for
TLS 1.1.  The reply indicated that it was planned for J2SE 7 and that
the implementation was in progress; is that still the case?


We had made some progress, but some higher-priority issues came up and
it got back-burnered.


2. Are there any plans to support TLS 1.2?  If so, in what release and
timeframe?


With all the transitions going on around here, we're now regrouping on
the question of *BOTH* TLS 1.1 and 1.2 support.  We're going to be
re-proposing TLS 1.1/1.2 for a future JDK release.  We've been pulling
together our own reasons, but having actual customer feedback will help
our case for completing this work.  Any information you can supply about
your needs may be added to our proposal.  Feel free to reply directly to
me if you'd rather not discuss your needs in a public forum.

Thanks,
Brad























					Reply via email to