-
Enhancement
-
Resolution: Fixed
-
P2
-
7
-
b73
-
generic
-
generic
-
Verified
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8195856 | 7u201 | Prasadarao Koppula | P2 | Resolved | Fixed | b01 |
JDK-8200675 | 7u191 | Prasadarao Koppula | P2 | Closed | Fixed | b01 |
JDK-2210924 | 7u181 | Prasadarao Koppula | P3 | Closed | Won't Fix |
TLS 1.2 [RFC 5246] defines AEAD (CCM/GCM) cipher structures, and RFC 5288/5289 defines GCM cipher suite specs.
According to "Suite B Profile for Transport Layer Security" [RFC 5430], "A Suite B compliant TLS version 1.2 or later client MUST offer at least two cipher suites for each supported security level. For the 128-bit security level, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 MUST be offered in this order in the ClientHello message. For the 192-bit security level, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 and TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 MUST be offered in this order in the ClientHello message. One of these cipher suites MUST be the first (most preferred) cipher suite in the ClientHello message."
In order to be Suite-B compliant, GCM ciphers need to be supported in the default JSSE provider.
According to "Suite B Profile for Transport Layer Security" [RFC 5430], "A Suite B compliant TLS version 1.2 or later client MUST offer at least two cipher suites for each supported security level. For the 128-bit security level, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 MUST be offered in this order in the ClientHello message. For the 192-bit security level, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 and TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 MUST be offered in this order in the ClientHello message. One of these cipher suites MUST be the first (most preferred) cipher suite in the ClientHello message."
In order to be Suite-B compliant, GCM ciphers need to be supported in the default JSSE provider.
- backported by
-
JDK-8195856 support AEAD ciphers
-
- Resolved
-
-
JDK-8200675 support AEAD ciphers
-
- Closed
-
-
JDK-2210924 support AEAD ciphers
-
- Closed
-
- blocks
-
JDK-8180834 Support the GCM cipher suites in JDK 7
-
- Resolved
-
- relates to
-
JDK-8037260 Enhance JCA Reference Guide with GCM cipher examples
-
- Resolved
-
-
JDK-7031343 Provide API changes to support future GCM AEAD ciphers
-
- Closed
-
-
JDK-6852010 Support AEAD Ciphersuites
-
- Closed
-
-
JDK-8046105 JEP 115: AEAD CipherSuites
-
- Closed
-
(3 relates to)