Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8148188

Enhance the security libraries to record events of interest

    XMLWordPrintable

Details

    Backports

      Description

        Enhance the security libraries to log usage of weak algorithms, key sizes, protocols and other crypto events of interest.

        Via the introduction of JFR Crypto Events (JDK-8186986), security library code could start recording events of particular interest to the JFR recording framework (if enabled). Code using this new 'EventRuntime' API would be inserted into security library classes and could communicate directly with JFR libraries if present. If not present, we have have stub holders that simply end up logging to the System Logger as a fall back.

        Examples of events to record would be :
         * Certificates encountered while setting up a TLS connection
         * TLS protocol version and ciphersuite used for each TLS connection attempt
         * Overriding of default security properties

        Once such data is recorded, there's potential for a client tool, coupled with a ruleset to analyze the new events and report back to system administrators about the overall strength of their Java applications with respect to cryptographic standards.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8149577 Enhance the security libraries to record events of interest

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8149578 Enhance the security libraries to record events of interest

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8226636 Enhance the security libraries to record events of interest

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8229613 Enhance the security libraries to record events of interest

            • P3 - Major loss of function.
            • Resolved
            blocks

            New Feature - A new feature of the product, which has yet to be developed. JMC-5561 Support for Crypto Events in JMC

            • P2 - Crashes, loss of data, severe memory leak.
            • Open
            is blocked by

            Sub-task - The sub-task of the issue JDK-8193397 Milestone 3: Implementation

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Enhancement - null JDK-8203629 Produce events in the JDK without a dependency on jdk.jfr

            • P3 - Major loss of function.
            • Resolved
            relates to

            Bug - A problem which impairs or prevents the functions of the product. JDK-8255348 NPE in PKIXCertPathValidator event logging code

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8292033 Move jdk.X509Certificate event logic to JCA layer

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JMC-7263 JMC displaying long value in scientific notation

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • New

            Enhancement - null JDK-8266551 Improve X509ValidationEvent so that all validation attempts are recorded

            • P3 - Major loss of function.
            • Open

            Enhancement - null JDK-8254711 Add java.security.Provider.getService JFR Event

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Sub-task - The sub-task of the issue JDK-8140423 Add system property or mechanism to allow customers to test upcoming restrictions

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-8234466 Class loading deadlock involving X509Factory#commitEvent()

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8214161 java.lang.IllegalAccessError: class jdk.internal.event.X509CertificateEvent (in module java.base) cannot access class jdk.jfr.internal.handlers.EventHandler (in module jdk.jfr) because module java.base does not read module jdk.jfr

            • P1 - Blocks development and/or testing work, production could not run.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-8234468 Application startup failed on JRE 8u231

            • P3 - Major loss of function.
            • Closed

            Enhancement - null JDK-8146635 Introduce Logger API for security libs diagnostics

            • P3 - Major loss of function.
            • Closed

            Activity

              People

                coffeys Sean Coffey
                mullan Sean Mullan
                Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: