JDK-8219861

Add new keytool -showinfo -tls command for displaying TLS configuration information

      Description

        This new command (-showinfo being the command, -tls being an option) would be used for displaying information about the system's TLS configuration, such as the enabled cipher suites (and their order) and the enabled protocols. This type of information is very useful to both users and administrators and can vary depending on what JDK release or update is installed on the system and if any changes have been made to the java.security file to restrict cipher suites or protocols. Previously we had been documenting the enabled suites and protocols in the JSSE security guide, but that has been proven to be a moving target and difficult to keep up-to-date as additional weak cipher suites have been restricted, often in update releases. Thus, a new keytool command to display the current configuration seems to be the best solution.

        The new -showinfo command should probably support -v to display more detailed information. In the case of -tls, it can include the enabled protocols/suites.

              People

                weijun Weijun Wang
                mullan Sean Mullan
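
The information the description asks the command to display can also be read through the standard JSSE API. The following is an added example, not code from this issue or from the JDK project; the class name `TlsConfigReport` is hypothetical. It lists the enabled protocols and cipher suites of the default `SSLContext` alongside the `jdk.tls.disabledAlgorithms` security property from the java.security configuration.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Hypothetical class name; uses only standard JSSE and java.security APIs.
public class TlsConfigReport {

    public static void main(String[] args) throws Exception {
        // The default context reflects the installed JDK release and any
        // restrictions applied through the java.security file.
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters enabled = ctx.getDefaultSSLParameters();
        SSLParameters supported = ctx.getSupportedSSLParameters();

        System.out.println("Java runtime: " + System.getProperty("java.version"));
        System.out.println("JSSE provider: " + ctx.getProvider().getName());
        // Security property that restricts TLS protocols and algorithms.
        System.out.println("jdk.tls.disabledAlgorithms: "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));

        report("protocols", enabled.getProtocols(), supported.getProtocols());
        report("cipher suites", enabled.getCipherSuites(), supported.getCipherSuites());
    }

    // Prints the enabled values in the order the provider returns them, then
    // the values the provider supports but does not enable by default.
    static void report(String label, String[] enabled, String[] supported) {
        System.out.println();
        System.out.println("Enabled " + label + " (" + enabled.length + "):");
        for (String name : enabled) {
            System.out.println("  " + name);
        }
        Set<String> notEnabled = new LinkedHashSet<>(Arrays.asList(supported));
        notEnabled.removeAll(Arrays.asList(enabled));
        System.out.println("Supported but not enabled " + label
                + " (" + notEnabled.size() + "):");
        for (String name : notEnabled) {
            System.out.println("  " + name);
        }
    }
}
```

Running it on two JDK updates, or before and after editing java.security, and diffing the output shows how the enabled set has moved.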