Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8148188

Enhance the security libraries to record events of interest

    XMLWordPrintable

    Details

      Backports

        Description

        Enhance the security libraries to log usage of weak algorithms, key sizes, protocols and other crypto events of interest.

        Via the introduction of JFR Crypto Events (JDK-8186986), security library code could start recording events of particular interest to the JFR recording framework (if enabled). Code using this new 'EventRuntime' API would be inserted into security library classes and could communicate directly with JFR libraries if present. If not present, we have have stub holders that simply end up logging to the System Logger as a fall back.

        Examples of events to record would be :
         * Certificates encountered while setting up a TLS connection
         * TLS protocol version and ciphersuite used for each TLS connection attempt
         * Overriding of default security properties

        Once such data is recorded, there's potential for a client tool, coupled with a ruleset to analyze the new events and report back to system administrators about the overall strength of their Java applications with respect to cryptographic standards.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                coffeys Sean Coffey
                Reporter:
                mullan Sean Mullan
                Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                  Dates

                  Due:
                  Created:
                  Updated:
                  Resolved: