JDK 12 has been released! Although there are no major security features in this release, there are quite a few smaller enhancements and useful additions. Below, I have enumerated the enhancements which I think are most interesting. I have also grouped them into appropriate categories (TLS, crypto, etc) which should make it easier to find out what has changed in each specific area.
New HmacPBE Mac algorithm support
New standard HmacPBE algorithms have been added to the Standard Algorithm Names specification and are implemented in the
SunJCEprovider: HmacPBESHA1, HmacPBESHA224, HmacPBESHA256, HmacPBESHA384, HmacPBESHA512, HmacPBESHA512/224, and HmacPBESHA512/256. These are used by the PKCS12
KeyStoreJDK implementation, but now can also be used independently in your applications as
Mac mac = Mac.getInstance("HmacPBESHA256");
More informative Cipher.toString()
javax.crypto.Cipherhas been overridden to print more useful information such as the algorithm, mode, and provider used by the
Cipher.AES/GCM/NoPadding, mode: encryption, algorithm from: SunJCE
PKCS12 KeyStore configuration properties
New system and security properties have been added for customizing the security algorithms used in the PKCS12
KeyStoreimplementation. This includes algorithms and parameters for key protection, certificate protection, and MacData. For example, there is a property named
keystore.pkcs12.certProtectionAlgorithmthat specifies the algorithm that is used to encrypt a certificate. More details, including the default values for these properties are listed in the
ChaCha20 and Poly1305 TLS Cipher Suites
Support for the ChaCha20 and Poly1305 TLS cipher suites has been added to the
SunJSSEprovider. The TLS_CHACHA20_POLY1305_SHA256 cipher is for TLS 1.3 and the TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, and TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ciphers are for TLS 1.2. Each of these ciphers is enabled by default.
New methods to access the SSLSession
getSSLSessionmethod has been added to the
java.net.SecureCacheResponseAPIs. This method allows applications to obtain full details of the underlying TLS session, such as the negotiated TLS version, which can be very useful. This information was not previously available from these APIs.
Anon and NULL cipher suites disabled by default
The TLS anon (anonymous) and NULL cipher suites have been added to the
jdk.tls.disabledAlgorithmssecurity property and are now disabled by default. These ciphers have known security risks and should only be used in special cases. Note that these ciphers were not previously enabled by default (applications still had to explicitly enable them to use them, for example by calling
SSLSocket.setEnabledCipherSuites()). With this change, these ciphers are no longer available without additional configuration by a user or administrator via the
DES cipher suites disabled by default
All TLS cipher suites that use DES have been added to the
jdk.tls.disabledAlgorithmssecurity property and are now disabled by default. DES has known security weaknesses and is no longer recommended. Note that these ciphers were not previously enabled by default. With this change, these ciphers are no longer available without additional configuration by a user or administrator via the
Symantec TLS Server Certificates to be distrusted
The JDK will stop trusting TLS Server certificates issued by Symantec. The list of affected certificates includes certificates branded as GeoTrust, Thawte, and VeriSign, which were managed by Symantec. TLS Server certificates issued on or before April 16, 2019 will continue to be trusted until they expire. Certificates issued after that date will be rejected. See the release note for more information and a list of Certificate Authorities that are affected.
Removed TLS v1 and v1.1 from required algorithms
TLS 1.0 and 1.1 are no longer required to be implemented by Java SE implementations.
TLS 1.2 support for SunPKCS11 provider
SunPKCS11provider now supports TLS 1.2. TLS 1.2 algorithms for key and MAC derivation have been added to the
New keytool -groupname option
-groupnameoption has been added to the
keytool -genkeypaircommand so that a user can specify a named group when generating a key pair. For example:
keytool -genkeypair -keyalg EC -groupname secp384r1
will generate an EC key pair by using the
Deprecated the default algorithms for keytool -keyalg
A warning is now emitted if the
-keyalgoption is not specified with the
-genseckeykeytool commands. The current default for
-genkeypairis DSA and
-genseckeyis DES. In a future release, the
-keyalgoption will be required.
keytool -printcert now recognizes the -providername option
-providernameoption can be useful for inspecting the contents of a certificate that is using an algorithm that is not supported by the builtin JDK security providers.
Pure-Java implementation of AccessController.doPrivileged
The implementation of the
AccessController.doPrivilegedmethods are now all Java code (they no longer call into the JVM). Micro-benchmarks of these methods have shown up to a 50x performance improvement.
New runtime mode for applications that don’t use a SecurityManager
New “disallow” and “allow” token options have been added to the
java.security.managersystem property. The “disallow” option can improve run-time performance for applications that never set a SecurityManager. If the Java Virtual Machine starts with the system property
java.security.managerset to “disallow”, then the
System.setSecurityManagermethod cannot be used to set a security manager and will throw an
For further details on the behavior of these options, see the class description of
New Java Flight Recorder (JFR) security events
New security-related events have been added to the Java Flight Recorder tool. These events are disabled by default and can be enabled via JFR configuration files or via standard JFR options. See the release note for more information on the new events.