Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8061798

Add support for TLS_FALLBACK_SCSV (RFC 7507)

    Details

    • Type: Enhancement
    • Status: Open
    • Priority: P3
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 10
    • Component/s: security-libs
    • Labels:
      None

      Description

      This is an enhancement request to add support for the TLS_FALLBACK_SCV cipher suite that can be employed to prevent unintended protocol downgrades between clients and servers. The latest IETF draft is: https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-03

        Activity

        Hide
        wetmore Bradford Wetmore added a comment - - edited
        As mentioned in the SSLParameters, this requires an API change for JDK 9, and likely can't be done for shipping JDK's.

        IIRC, (haven't looked at this in a while), we can probably add the server side support with no API change.
        Show
        wetmore Bradford Wetmore added a comment - - edited As mentioned in the SSLParameters, this requires an API change for JDK 9, and likely can't be done for shipping JDK's. IIRC, (haven't looked at this in a while), we can probably add the server side support with no API change.
        Show
        mullan Sean Mullan added a comment - Latest IETF draft: http://ietfreport.isoc.org/all-ids/draft-ietf-tls-downgrade-scsv-03.txt
        Hide
        mullan Sean Mullan added a comment -
        Initial security-dev discussion on adding support for this feature is here: http://mail.openjdk.java.net/pipermail/security-dev/2014-October/011348.html
        Show
        mullan Sean Mullan added a comment - Initial security-dev discussion on adding support for this feature is here: http://mail.openjdk.java.net/pipermail/security-dev/2014-October/011348.html
        Hide
        fweimer Florian Weimer added a comment -
        Show
        fweimer Florian Weimer added a comment - Rebased webrev posted for review: http://mail.openjdk.java.net/pipermail/security-dev/2015-January/011653.html

          People

          • Assignee:
            xuelei Xue-Lei Fan
            Reporter:
            mullan Sean Mullan
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated: