On Tue, 29 Apr 2025 21:51:00 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
>> The current key manager is SunX509, which is configured in the
>> java.security. The SunX509 algorithm does not check the local certificate.
>> The PKIX algorithm should be preferred now so that the default key manager
>> could be more robust.
>>
>> Compatibility considerations:
>>
>> 1) Customers using local certificates signed using algorithms prohibited by
>> the default configuration (notably MD5 and SHA1) no longer will be able to
>> use such certificates without modifying algorithm constraints in the
>> `java.security` config file.
>>
>> 2) Performance impact: there is about x2 performance decrease for full
>> (non-resume) TLS handshake:
>>
>> **SUNX509**
>> Benchmark                  (resume)  (tlsVersion)   Mode  Cnt        Score      Error  Units
>> SSLHandshake.doHandshake       true       TLSv1.2  thrpt   15    19758.012 ±  758.237  ops/s
>> SSLHandshake.doHandshake       true           TLS  thrpt   15     1861.695 ±   14.681  ops/s
>> SSLHandshake.doHandshake      false       TLSv1.2  thrpt   15 **1186.962** ±   12.085  ops/s
>> SSLHandshake.doHandshake      false           TLS  thrpt   15 **1056.288** ±    7.197  ops/s
>> Finished running test 'micro:java.security.SSLHandshake'
>>
>> **PKIX**
>> Benchmark                  (resume)  (tlsVersion)   Mode  Cnt        Score      Error  Units
>> SSLHandshake.doHandshake       true       TLSv1.2  thrpt   15    19724.887 ±  393.636  ops/s
>> SSLHandshake.doHandshake       true           TLS  thrpt   15     1848.927 ±   22.946  ops/s
>> SSLHandshake.doHandshake      false       TLSv1.2  thrpt   15  **511.684** ±    5.405  ops/s
>> SSLHandshake.doHandshake      false           TLS  thrpt   15  **490.698** ±    6.453  ops/s
>> Finished running test 'micro:java.security.SSLHandshake'
>
> Artur Barashev has updated the pull request incrementally with one additional
> commit since the last revision:
>
>   Address review comments

I have a few points for making the change:

1. On my laptop the handshake time increased from 1ms to 2ms. So while it's a x2 increase it's not going to be noticeable.

2. I'm not 100% sure, but from what I read at least half of the TLS connections these days are of the resume type, and the performance for those is unchanged. Here is a good article from CloudFlare on this topic: https://blog.cloudflare.com/tls-session-resumption-full-speed-and-secure. They set session ticket lifetime to 18h.

3. Unlike SunX509, PKIX KeyManager checks local certificate signature algorithms against local algorithm constraints and also against peer-supported algorithms supplied by the peer. So technically we are in violation of the TLSv1.3 RFC when using SunX509 because we ignore peer-supported certificate signature schemes. Also we don't respect our own algorithm constraints in `java.security` for local certificates, which is the behavior users may expect.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/24756#issuecomment-2842610353
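As an added example, not code from the PR or from the JDK itself, the following program is the pre-migration check the compatibility point above calls for: it opens a keystore, walks every key entry's certificate chain and reports any certificate whose signature algorithm is named in `jdk.certpath.disabledAlgorithms` or `jdk.tls.disabledAlgorithms`. Such identities are served by the SunX509 key manager today but will be refused once the default becomes PKIX. The keystore path, password and optional type are assumed to come from the command line. The constraint grammar is deliberately approximated: each comma-separated entry is reduced to its leading algorithm name and treated as an unconditional ban, and `keySize` rules are skipped, so the result is conservative (a `SHA1 jdkCA & usage TLSServer` entry flags every SHA1-signed certificate in the chain, including a trust anchor the real checker might accept).

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.KeyManagerFactory;

/**
 * Pre-migration check (example code, not part of the JDK): list key entries whose
 * certificate chain uses a signature algorithm named in the disabledAlgorithms
 * security properties. These work under SunX509 but are rejected by the PKIX
 * key manager, so they must be re-issued (or java.security relaxed) first.
 */
public class KeyStoreSigAlgCheck {

    /** Leading algorithm names from a disabledAlgorithms property; key-size rules are skipped. */
    static List<String> disabledTokens(String propertyName) {
        List<String> tokens = new ArrayList<>();
        String value = Security.getProperty(propertyName);
        if (value == null) return tokens;
        for (String entry : value.split(",")) {
            entry = entry.trim();
            // "RSA keySize < 1024" constrains key length, not signatures; "include ..." pulls
            // in another property. Neither names a signature algorithm, so skip both.
            if (entry.isEmpty() || entry.contains("keySize") || entry.startsWith("include")) continue;
            // "SHA1 jdkCA & usage TLSServer": keep only "SHA1" and treat the entry as a full
            // ban. This is a conservative approximation of the conditional rule.
            tokens.add(entry.split("\\s+")[0].toUpperCase(Locale.ROOT));
        }
        return tokens;
    }

    /** True if the certificate's signature algorithm name (e.g. SHA1withRSA) contains a banned token. */
    static boolean isDisabledSignature(X509Certificate cert, List<String> tokens) {
        String sigAlg = cert.getSigAlgName().toUpperCase(Locale.ROOT);
        for (String t : tokens) {
            if (sigAlg.contains(t)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: java KeyStoreSigAlgCheck <keystore> <password> [type]");
            System.exit(2);
        }
        String type = args.length > 2 ? args[2] : KeyStore.getDefaultType();
        KeyStore ks = KeyStore.getInstance(type);
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }

        // Both properties feed the SunJSSE algorithm constraints the PKIX key manager applies.
        List<String> tokens = new ArrayList<>();
        tokens.addAll(disabledTokens("jdk.certpath.disabledAlgorithms"));
        tokens.addAll(disabledTokens("jdk.tls.disabledAlgorithms"));

        // Shows which key manager this JDK would pick by default (ssl.KeyManagerFactory.algorithm).
        System.out.println("Default KeyManagerFactory algorithm: " + KeyManagerFactory.getDefaultAlgorithm());
        System.out.println("Disabled signature tokens: " + tokens);

        int flagged = 0;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!ks.isKeyEntry(alias)) continue; // only local identities matter to a key manager
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null) continue;
            for (Certificate c : chain) {
                if (!(c instanceof X509Certificate)) continue;
                X509Certificate x = (X509Certificate) c;
                boolean bad = isDisabledSignature(x, tokens);
                if (bad) flagged++;
                System.out.printf("%s  %-20s %-16s %s%n", bad ? "REJECT" : "ok    ",
                        alias, x.getSigAlgName(), x.getSubjectX500Principal());
            }
        }
        System.exit(flagged == 0 ? 0 : 1);
    }
}
```

Run it against the server keystore with the JDK you plan to upgrade to (`java KeyStoreSigAlgCheck server.p12 changeit PKCS12`); a non-zero exit means at least one identity would stop being offered once the default key manager is PKIX, before any handshake fails in production.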