Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8257766

Add support for RFC 8954: Online Certificate Status Protocol (OCSP) Nonce Extension



    • CSR
    • Resolution: Approved
    • P3
    • 17
    • security-libs
    • None
    • behavioral
    • minimal
    • System or security property
    • JDK



      Add support for RFC 8954 (Online Certificate Status Protocol (OCSP) Nonce Extension) to the JDK PKIX implementation. Introduce a system property named jdk.security.certpath.ocspNonce to enable use of the nonce extension.


      The PKIXRevocationChecker checks the revocation status of certificates with the OCSP responders. The current implementation has protections against replay attacks using the date-based approach of OCSP freshness determination specified in section 7.1 of RFC 5019 [1]. Adding the nonce extension to bind the OCSP request and response is an improvement.


      The current implementation in PKIXRevocationChecker requires the OCSP response to be timely using the date-based approach against replay attacks. Defining a system property jdk.security.certpath.ocspNonce to enable nonce extension is an improvement.

      As RFC 8954 [2] states that if the nonce extension is present, then the length of the nonce must be at least 1 octet and can be up to 32 octets, and OCSP responders must accept lengths of at least 16 octets. To have a conforming implementation, the default nonce length is defined as 16-byte by jdk.security.certpath.ocspNonce=true, where 16-byte is also same as OpenSSL default.

      System property jdk.security.certpath.ocspNonce is disabled by default for compatibility. This is because RFC 5019 [1] states that clients should not include the requestExtensions structure, and if a requestExtensions structure is included, this profile recommends that it contain only the nonce extension.


      [1] https://tools.ietf.org/html/rfc5019

      [2] https://tools.ietf.org/html/rfc8954


      "Java PKI Programmer's Guide" section in Security Developer's Guide:

      Support for the nonce extension in OCSP requests can be configured with the system property jdk.security.certpath.ocspNonce. It is disabled by default, and can be enabled by setting it to the value true. If set to true, the JDK implementation of PKIXRevocationChecker includes a Nonce extension containing a 16 byte nonce with each OCSP request.


        Issue Links



              hchao Haimay Chao
              mullan Sean Mullan
              Jamil Nimeh, Sean Mullan
              0 Vote for this issue
              1 Start watching this issue