Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8148188

Enhance the security libraries to record events of interest

    Details

      Backports

        Description

        Enhance the security libraries to log usage of weak algorithms, key sizes, protocols and other crypto events of interest.

        Via the introduction of JFR Crypto Events (JDK-8186986), security library code could start recording events of particular interest to the JFR recording framework (if enabled). Code using this new 'EventRuntime' API would be inserted into security library classes and could communicate directly with JFR libraries if present. If not present, we have have stub holders that simply end up logging to the System Logger as a fall back.

        Examples of events to record would be :
         * Certificates encountered while setting up a TLS connection
         * TLS protocol version and ciphersuite used for each TLS connection attempt
         * Overriding of default security properties

        Once such data is recorded, there's potential for a client tool, coupled with a ruleset to analyze the new events and report back to system administrators about the overall strength of their Java applications with respect to cryptographic standards.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  coffeys Sean Coffey
                  Reporter:
                  mullan Sean Mullan
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Due:
                    Created:
                    Updated:
                    Resolved: