JDK 23 was released on September 17, 2024! As with my previous blogs, I have compiled a list of what I think are the most interesting and useful security enhancements in this release. I have also grouped them into appropriate categories (crypto, PKI, etc) which should make it easier to find out what has changed in each specific area. The JDK 23 release notes also contain further details on these and other enhancements.
Highlights of this release include new “thread” and “timestamp”
debugging options, crypto related performance improvements, and a new KeyStore
for accessing root certificates in the MacOS KeyChain.
Also, one other important JDK 23 feature that is not part of the security libraries area but is worth mentioning is:
-
JEP 471: Deprecate the Memory-Access Methods in sun.misc.Unsafe for Removal
This JEP deprecates the memory-access methods in
sun.misc.Unsafefor removal in a future release. Quoting from the JEP: “Removing the memory-access methods insun.misc.Unsafeis part of a long-term coordinated effort to ensure that the Java Platform has integrity by default.”
Table of Contents
Crypto
-
Increased CipherInputStream buffer size
The buffer size of
javax.crypto.CipherInputStreamhas been increased from 512 bytes to 8192 bytes. This change can improve performance and is more consistent with buffer sizes for other APIs such asjava.io.FileInputStream.Issue: JDK-833018
-
New SecureRandom() performance improved
The performance of constructing a
java.security.SecureRandomobject vianew SecureRandom()has been improved.Issues: JDK-8324646, JDK-8324648
-
New PKCS11 allowLegacy attribute
A new PKCS11 configuration attribute named
allowLegacyhas been introduced. Applications can set this value to “true” to bypass legacy checks. The default value is “false”.As cryptographic algorithms weaken, some PKCS11 libraries may begin limiting the use of these algorithms. For example, a PKCS11 library may allow an application to verify existing signatures signed with a particular algorithm, but forbid new signatures to be generated with that algorithm. This attribute allows applications to workaround these restrictions if necessary, at their own risk.
Issue: JDK-8293345
PKI
-
New root CA certificates
Several new root CA certificates have been added to the
cacertskeystore:- Two Certainly root CA certificates
- Certainly Root R1 has the following distinguished name:
CN=Certainly Root R1, O=Certainly, C=US - Certainly Root E1 has the following distinguished name:
CN=Certainly Root E1, O=Certainly, C=US
These root certificates have also been added to the
cacertskeystore in Oracle’s JDK 22.0.1, 21.0.3, 17.0.11, 11.0.23, 8u411, and 7u421 releases.Issue: JDK-8321408
- Certainly Root R1 has the following distinguished name:
- Two GlobalSign root CA certificates
- GlobalSign Root R46 has the following distinguished name:
CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE - GlobalSign Root E46 has the following distinguished name:
CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE
These root certificates have also been added to the
cacertskeystore in Oracle’s JDK 22.0.2, 21.0.4, 17.0.12, 11.0.24, 8u421, and 7u431 releases.Issue: JDK-8316138
- GlobalSign Root R46 has the following distinguished name:
- Two Certainly root CA certificates
-
New KeyStore for MacOS root certificates
A new
java.security.KeyStorenamedKeychainStore-ROOThas been added to theApplesecurity provider. This keystore contains root certificates stored in the system keychain on MacOS systems. TheAppleprovider now supports two KeyStores,KeychainStore-Rootand the existingKeychainStorewhich contains private keys and certificates for the user’s keychain.This enhancement will fix issues that caused HTTPs connections to fail because the JDK was unable to find a root certificate to establish trust in the peer’s certificate chain. After this change, users should set the
javax.net.ssl.trustStoreTypesystem property toKeychainStore-ROOTwhen making TLS connections.Here is an example of using the
keytoolutility to list the roots in the MacOS KeyChain:
keytool -list -storetype KeychainStore-ROOT -keystore NONE Enter keystore password: ***************** WARNING WARNING WARNING ***************** * The integrity of the information stored in your keystore * * has NOT been verified! In order to verify its integrity, * * you must provide your keystore password. * ***************** WARNING WARNING WARNING ***************** Keystore type: KEYCHAINSTORE-ROOT Keystore provider: Apple Your keystore contains 153 entries aaa certificate services, Sep 20, 2024, trustedCertEntry, Certificate fingerprint (SHA-256): D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4 ac raiz fnmt-rcm, Sep 20, 2024, trustedCertEntry, Certificate fingerprint (SHA-256): EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA accvraiz1, Sep 20, 2024, trustedCertEntry, Certificate fingerprint (SHA-256): 9A:6E:C0:12:E1:A7:DA:9D:BE:34:19:4D:47:8A:D7:C0:DB:18:22:FB:07:1D:F1:29:81:49:6E:D1:04:38:41:13 actalis authentication root ca, Sep 20, 2024, trustedCertEntry, Certificate fingerprint (SHA-256): 55:92:60:84:EC:96:3A:64:B9:6E:2A:BE:01:CE:0B:A8:6A:64:FB:FE:BC:C7:AA:B5:AF:C1:55:B3:7F:D7:60:66 ...
Issue: JDK-8320362
-
New system property to use POST for all OCSP requests
JDK 17 introduced a performance enhancement whereby the JDK uses the HTTP GET method for small OCSP requests, and POST for all other requests. However, some OCSP responders do not handle GET requests well, and this has caused issues that can’t be easily worked around.
Thus, a new system property named
com.sun.security.ocsp.usegethas been introduced. When set to “false”, the JDK will only use the HTTP POST method when submitting OCSP requests. The default if not set, is “true” with the behavior being the same as before.Issue: JDK-8328638
Authorization
-
Subject.getSubject() now throws UnsupportedOperationException unless a Security Manager is allowed or enabled
The
getSubjectmethod ofjavax.security.auth.Subjecthas been changed to throw anUnsupportedOperationException. Users can revert to previous behavior by allowing or enabling a Security Manager on the command line, via-Djava.security.manager. TheSubject.getSubjectmethod does not depend on a Security Manager but requires the feature be “allowed” due to theAccessControlContextparameter.This change was made to prepare users for a future release where this method will be changed to always throw
UnsupportedOperationException. This method is problematic because it depends onAccessControlContext, which is one of the Security Manager APIs that was deprecated for removal in JDK 17.The good news is that a replacement API (
Subject.current()) was added in JDK 18. Applications and libraries should strongly consider replacing their calls toSubject.getSubject()withSubject.current().Issue: JDK-8296244
Kerberos
-
New security/system property to support case-sensitive principal names
A new security property named
jdk.security.krb5.name.case.sensitivehas been introduced to allow Kerberos principal names to be looked up in keytab and credential cache files in a case-sensitive manner. Prior to this change, principal names were always treated as case-insensitive, meaning a principal name ofSEAN@ACME.ORGwould matchsean@acme.org. However, some Kerberos implementations treat these principals as distinct.If the property is set to “true”, the JDK Kerberos implementation will use a case-sensitive comparison when matching principal names. The default value of this property, if not set, is “false” to preserve existing behavior. A system property of the same name can also be used, and it will override the value of the security property.
Issue: JDK-8331975
-
Enhanced Kerberos debugging
Debug output of the Kerberos component is now directed to standard error instead of standard output. Each message is now prefixed with the Kerberos subcomponent that it applies to:
krb5loginmodule,jgss,krb5, etc.Here is example output of debugging code with the
sun.security.krb5.debugsystem property set to “true”:
krb5: Java config name: null krb5: Native config name: /etc/krb5.conf krb5: Loading config file from /etc/krb5.conf krb5: Loaded from native config
Issue: JDK-8327818
Miscellaneous
-
New “thread” and “timestamp” options for the java.security.debug system property
New “thread” and “timestamp” options have been added to the
java.security.debugsystem property to help you debug applications.The “thread” option will print the thread and caller information of each debug statement. The “timestamp” option will print the date and time of each debug statement. These new options can be extremely helpful when debugging multi-threaded applications.
The options can be appended with a “+” sign to a
java.security.debugsetting. For example, below is a portion of the output of an application run with-Djava.security.debug=properties+thread+timestamp. Each debug line contains a timestamp and the thread id and caller.
properties[0x1|main|Security.java:161|2024-09-20 09:31:39.929]: java.security properties[0x1|main|Security.java:122|2024-09-20 09:31:39.931]: Initial security property: jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01 properties[0x1|main|Security.java:122|2024-09-20 09:31:39.931]: Initial security property: security.provider.13=SunPKCS11 properties[0x1|main|Security.java:122|2024-09-20 09:31:39.931]: Initial security property: security.provider.12=Apple properties[0x1|main|Security.java:122|2024-09-20 09:31:39.931]: Initial security property: http.auth.digest.disabledAlgorithms=MD5, SHA-1 properties[0x1|main|Security.java:122|2024-09-20 09:31:39.932]: Initial security property: jdk.security.legacyAlgorithms=SHA1, RSA keySize < 2048, DSA keySize < 2048, DES, DESede, MD5, RC2, ARCFOUR properties[0x1|main|Security.java:122|2024-09-20 09:31:39.932]: Initial security property: securerandom.source=file:/dev/random
Issue: JDK-8051959