JDK 12 has been released! Although there are no major security features in this release, there are quite a few smaller enhancements and useful additions. Below, I have enumerated the enhancements which I think are most interesting. I have also grouped them into appropriate categories (TLS, crypto, etc.), which should make it easier to find out what has changed in each specific area.
Crypto

- New HmacPBE Mac algorithm support

New standard HmacPBE algorithms have been added to the Standard Algorithm Names specification and are implemented in the SunJCE provider: HmacPBESHA1, HmacPBESHA224, HmacPBESHA256, HmacPBESHA384, HmacPBESHA512, HmacPBESHA512/224, and HmacPBESHA512/256. These are used by the JDK's PKCS12KeyStore implementation, but can now also be used independently in your applications as javax.crypto.Mac algorithms, e.g.:

Mac mac = Mac.getInstance("HmacPBESHA256");

More information: https://docs.oracle.com/en/java/javase/12/docs/specs/security/standard-names.html#mac-algorithms
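A worked example of using one of these algorithms end to end, computing and verifying an HmacPBESHA256 tag over a message. This is added example code, not from the original post or the JDK; the class name is hypothetical, the sample message, password, salt and iteration count are constructed, and it assumes the SunJCE "PBE" SecretKeyFactory (the route PKCS12KeyStore itself takes) to turn the password into a PBEKey, with salt and iteration count supplied through a PBEParameterSpec.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class HmacPbeDemo {

    // Compute an HmacPBESHA256 tag over data. The password goes in as a PBEKey
    // (from the SunJCE "PBE" SecretKeyFactory, the same route PKCS12KeyStore
    // uses); salt and iteration count go in as a PBEParameterSpec.
    static byte[] tag(char[] password, byte[] salt, int iterations, byte[] data)
            throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password);
        try {
            SecretKey key = SecretKeyFactory.getInstance("PBE").generateSecret(spec);
            Mac mac = Mac.getInstance("HmacPBESHA256");
            mac.init(key, new PBEParameterSpec(salt, iterations));
            return mac.doFinal(data);
        } finally {
            spec.clearPassword(); // don't leave the password in the key spec
        }
    }

    // Verify in constant time so the comparison does not leak where tags differ.
    static boolean verify(char[] password, byte[] salt, int iterations,
                          byte[] data, byte[] expected) throws Exception {
        return MessageDigest.isEqual(tag(password, salt, iterations, data), expected);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs. A real caller stores salt and iteration count
        // next to the tag, just as a PKCS12 file stores them in its MacData.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        int iterations = 100_000;
        char[] password = "correct horse battery staple".toCharArray();
        byte[] data = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        byte[] t = tag(password, salt, iterations, data);
        System.out.println("same password:  " + verify(password, salt, iterations, data, t));
        System.out.println("wrong password: " + verify("wrong".toCharArray(), salt, iterations, data, t));
        data[0] ^= 0x01; // tamper with one bit of the message
        System.out.println("tampered data:  " + verify(password, salt, iterations, data, t));
    }
}
```

Mac.init(Key, AlgorithmParameterSpec) rejects the call if neither the PBEKey nor the PBEParameterSpec carries a salt and iteration count, so the parameter spec is not optional here.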
- More informative Cipher.toString()

The toString method of javax.crypto.Cipher has been overridden to print more useful information, such as the algorithm, mode, and provider used by the Cipher object, e.g.:

Cipher.AES/GCM/NoPadding, mode: encryption, algorithm from: SunJCE
- PKCS12 KeyStore configuration properties

New system and security properties have been added for customizing the security algorithms used in the PKCS12 KeyStore implementation. This includes algorithms and parameters for key protection, certificate protection, and MacData. For example, there is a property named keystore.pkcs12.certProtectionAlgorithm that specifies the algorithm used to encrypt a certificate. More details, including the default values for these properties, are listed in the java.security configuration file.
TLS

- ChaCha20 and Poly1305 TLS Cipher Suites

Support for the ChaCha20 and Poly1305 TLS cipher suites has been added to the SunJSSE provider. The TLS_CHACHA20_POLY1305_SHA256 cipher suite is for TLS 1.3, and the TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, and TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 cipher suites are for TLS 1.2. Each of these cipher suites is enabled by default.
- New methods to access the SSLSession

A getSSLSession method has been added to the javax.net.ssl.HttpsURLConnection and java.net.SecureCacheResponse APIs. This method allows applications to obtain full details of the underlying TLS session, such as the negotiated TLS version, which can be very useful. This information was not previously available from these APIs.

More information:
- Anon and NULL cipher suites disabled by default

The TLS anon (anonymous) and NULL cipher suites have been added to the jdk.tls.disabledAlgorithms security property and are now disabled by default. These cipher suites have known security risks and should only be used in special cases. Note that these cipher suites were not previously enabled by default (applications still had to explicitly enable them to use them, for example by calling SSLSocket.setEnabledCipherSuites()). With this change, these cipher suites are no longer available without additional configuration by a user or administrator via the jdk.tls.disabledAlgorithms security property.
- DES cipher suites disabled by default

All TLS cipher suites that use DES have been added to the jdk.tls.disabledAlgorithms security property and are now disabled by default. DES has known security weaknesses and is no longer recommended. Note that these cipher suites were not previously enabled by default. With this change, these cipher suites are no longer available without additional configuration by a user or administrator via the jdk.tls.disabledAlgorithms security property.
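To check what the two cipher suite changes above (the new ChaCha20-Poly1305 suites and the disabling of the anon, NULL and DES suites) look like in a running JDK, here is an added example that reads the effective client-side policy from the default SSLContext and builds SSLParameters restricted to the ChaCha20-Poly1305 suites. This is my own code, not from the original post or the JDK; the class name is hypothetical, and the "_anon_" / "_NULL_" / "_DES_" substring matching is an assumed heuristic for recognizing the suite families by name.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class TlsSuitePolicyCheck {

    // Suite families the release note says are now disabled by default: anonymous
    // key exchange, NULL (no encryption) bulk cipher, and single DES. The "_DES_"
    // match deliberately does not hit the 3DES suites ("_3DES_EDE_").
    static boolean isDisallowedFamily(String suite) {
        return suite.contains("_anon_") || suite.contains("_NULL_") || suite.contains("_DES_");
    }

    // Enabled client suites that fall into a disallowed family. Expected to be
    // empty on JDK 12 unless jdk.tls.disabledAlgorithms has been edited.
    static List<String> disallowedButEnabled(SSLContext ctx) {
        return Arrays.stream(ctx.getDefaultSSLParameters().getCipherSuites())
                .filter(TlsSuitePolicyCheck::isDisallowedFamily)
                .collect(Collectors.toList());
    }

    // The ChaCha20-Poly1305 suites enabled by default (TLS 1.3 and TLS 1.2 forms).
    static List<String> enabledChaChaSuites(SSLContext ctx) {
        return Arrays.stream(ctx.getDefaultSSLParameters().getCipherSuites())
                .filter(s -> s.contains("CHACHA20_POLY1305"))
                .collect(Collectors.toList());
    }

    // Client parameters allowing only TLS 1.3/1.2 with ChaCha20-Poly1305, in the
    // JDK's preference order; apply with SSLSocket/SSLEngine.setSSLParameters(...).
    static SSLParameters chaChaOnly(SSLContext ctx) {
        SSLParameters p = ctx.getDefaultSSLParameters();
        p.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
        p.setCipherSuites(enabledChaChaSuites(ctx).toArray(new String[0]));
        p.setUseCipherSuitesOrder(true);
        return p;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        System.out.println("jdk.tls.disabledAlgorithms = " + Security.getProperty("jdk.tls.disabledAlgorithms"));
        System.out.println("disallowed families still enabled: " + disallowedButEnabled(ctx));
        System.out.println("ChaCha20-Poly1305 suites enabled: " + enabledChaChaSuites(ctx));
        System.out.println("ChaCha-only client suites: " + Arrays.toString(chaChaOnly(ctx).getCipherSuites()));
    }
}
```

Running this after editing jdk.tls.disabledAlgorithms in java.security (or overriding it with java.security.properties) is a quick way to confirm that a configuration change had the intended effect before it reaches production.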
- Symantec TLS Server Certificates to be distrusted

The JDK will stop trusting TLS Server certificates issued by Symantec. The list of affected certificates includes certificates branded as GeoTrust, Thawte, and VeriSign, which were managed by Symantec. TLS Server certificates issued on or before April 16, 2019 will continue to be trusted until they expire. Certificates issued after that date will be rejected. See the release note for more information and a list of Certificate Authorities that are affected.
- Removed TLS v1 and v1.1 from required algorithms

TLS 1.0 and 1.1 are no longer required to be implemented by Java SE implementations.
- TLS 1.2 support for SunPKCS11 provider

The SunPKCS11 provider now supports TLS 1.2. TLS 1.2 algorithms for key and MAC derivation have been added to the SunPKCS11 provider.
Tools

- New keytool -groupname option

A new -groupname option has been added to the keytool -genkeypair command so that a user can specify a named group when generating a key pair. For example:

keytool -genkeypair -keyalg EC -groupname secp384r1

will generate an EC key pair using the secp384r1 curve.
- Deprecated the default algorithms for keytool -keyalg

A warning is now emitted if the -keyalg option is not specified with the -genkeypair or -genseckey keytool commands. The current default for -genkeypair is DSA and for -genseckey is DES. In a future release, the -keyalg option will be required.
- keytool -printcert now recognizes the -providername option

The -providername option can be useful for inspecting the contents of a certificate that uses an algorithm not supported by the built-in JDK security providers.
SecurityManager

- Pure-Java implementation of AccessController.doPrivileged

The implementation of the AccessController.doPrivileged methods is now all Java code (they no longer call into the JVM). Micro-benchmarks of these methods have shown up to a 50x performance improvement.
- New runtime mode for applications that don't use a SecurityManager

New "disallow" and "allow" token options have been added to the java.security.manager system property. The "disallow" option can improve run-time performance for applications that never set a SecurityManager. If the Java Virtual Machine starts with the system property java.security.manager set to "disallow", then the System.setSecurityManager method cannot be used to set a security manager and will throw an UnsupportedOperationException. For further details on the behavior of these options, see the class description of java.lang.SecurityManager.
Miscellaneous

- New Java Flight Recorder (JFR) security events

New security-related events have been added to the Java Flight Recorder tool. These events are disabled by default and can be enabled via JFR configuration files or via standard JFR options. See the release note for more information on the new events.