Does the JSSE in Oracle JDK8 implement TLS Fallback SCSV?

It looks like JSSE in OpenJDK version 8 does not implement RFC 7507. There is an open defect in the OpenJDK bug tracker: JDK-8061798

But there is not much information about the Oracle JDK. Does the Oracle JDK version 8 implement TLS Fallback Signaling Cipher Suite Value (SCSV)? And if it does, how can this feature be enabled?

Bohdan Cherniakh asked Jun 27 '17 12:06



1 Answer

I can find no evidence to suggest that the Oracle JDK 8 supports this feature.

It seems that the reason that the RFE in JDK-8061798 was not acted on is that this would be a breaking change. A comment on the above says:

As mentioned in the SSLParameters, this requires an API change for JDK 9, and likely can't be done for shipping JDK's.


UPDATE: The RFE was closed (WillNotFix) on 27th July 2017. The comments say that it was deemed unnecessary, since current mainstream web browsers no longer support this (legacy) feature. However, the comments say that if this changes, the RFE could be reopened.

Stephen C answered Oct 02 '22 03:10
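
For readers unfamiliar with the mechanism the question asks about, here is the server-side check that RFC 7507 defines, as an added Python example that is not part of the original post or of any JDK code. The function names and the sample ClientHello bodies are constructed for illustration; only the SCSV value (0x5600) and the inappropriate_fallback alert (86) come from the RFC.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600       # RFC 7507 signaling cipher suite value
INAPPROPRIATE_FALLBACK = 86      # RFC 7507 alert description
FATAL = 2                        # TLS alert level "fatal"
TLS10, TLS12 = 0x0301, 0x0303    # wire encoding of the protocol versions
AES128_SHA = 0x002F              # TLS_RSA_WITH_AES_128_CBC_SHA

def parse_client_hello(body: bytes):
    """Return (client_version, cipher_suites) from a ClientHello handshake body."""
    if len(body) < 35:
        raise ValueError("truncated ClientHello")
    (version,) = struct.unpack_from("!H", body, 0)
    pos = 2 + 32                          # skip client_version and random
    pos += 1 + body[pos]                  # skip session_id (1-byte length prefix)
    if pos + 2 > len(body):
        raise ValueError("truncated ClientHello")
    (cs_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = list(struct.unpack_from("!%dH" % (cs_len // 2), body, pos))
    return version, suites

def fallback_alert(body: bytes, server_max_version: int):
    """RFC 7507 server rule: return the fatal alert to send, or None to continue."""
    client_version, suites = parse_client_hello(body)
    if TLS_FALLBACK_SCSV in suites and server_max_version > client_version:
        return bytes([FATAL, INAPPROPRIATE_FALLBACK])
    return None

def build_client_hello(version: int, suites):
    """Constructed sample body: zero random, empty session_id, null compression."""
    cs = struct.pack("!%dH" % len(suites), *suites)
    return (struct.pack("!H", version) + bytes(32) + b"\x00"
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00")

# Constructed cases: a normal first attempt, a downgraded retry that carries
# the SCSV, and a downgraded retry from a client that never sends the SCSV.
FIRST_TRY = build_client_hello(TLS12, [AES128_SHA])
RETRY_WITH_SCSV = build_client_hello(TLS10, [AES128_SHA, TLS_FALLBACK_SCSV])
RETRY_NO_SCSV = build_client_hello(TLS10, [AES128_SHA])

if __name__ == "__main__":
    for name in ("FIRST_TRY", "RETRY_WITH_SCSV", "RETRY_NO_SCSV"):
        print(name, fallback_alert(globals()[name], TLS12))
```

The third case shows why support on both ends matters: a server can only reject a downgraded handshake when the client marks its retry with the SCSV.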