-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P3
-
Affects Version/s: None
-
Component/s: security-libs
-
b120
Section 3.3.2, NIST SP 800-52:
---------------------------------------------
The server random value, sent in the ServerHello message, contains a 4-byte timestamp[*] value and 28-byte random value. The validated random number generator shall be used to generate the 28-byte random value of the server random value. The validated random number generator should be used to generate the 4-byte timestamp of the server random value.
Section 4.3.2, NIST SP 800-52:
---------------------------------------------
The validated random number generator shall be used to generate the 28-byte random value of the client random value. The validated random number generator should be used to generate the 4-byte timestamp of the client random value.
[*] The timestamp value does not need to be correct in TLS. It can be any 4-byte value, unless otherwise restricted by higher-level or application protocols.
---------------------------------------------
The server random value, sent in the ServerHello message, contains a 4-byte timestamp[*] value and 28-byte random value. The validated random number generator shall be used to generate the 28-byte random value of the server random value. The validated random number generator should be used to generate the 4-byte timestamp of the server random value.
Section 4.3.2, NIST SP 800-52:
---------------------------------------------
The validated random number generator shall be used to generate the 28-byte random value of the client random value. The validated random number generator should be used to generate the 4-byte timestamp of the client random value.
[*] The timestamp value does not need to be correct in TLS. It can be any 4-byte value, unless otherwise restricted by higher-level or application protocols.
- blocks
-
JDK-8046292 Track NIST Special Publication 800-52
-
- Resolved
-