-
Type:
Sub-task
-
Resolution: Delivered
-
Priority:
P4
-
Affects Version/s: 8u341, 11.0.16-oracle, 17.0.4-oracle, 19
-
Component/s: core-libs
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8288607 | 17.0.4-oracle | Michael McMahon | P4 | Resolved | Delivered | |
| JDK-8288606 | 11.0.16-oracle | Michael McMahon | P4 | Resolved | Delivered | |
| JDK-8285840 | 8u341 | Prajwal Kumaraswamy | P4 | Resolved | Delivered |
Support has been added for TLS channel binding tokens for Negotiate/Kerberos authentication over HTTPS through javax.net.HttpsURLConnection.
Channel binding tokens are increasingly required as an enhanced form of security. They work by communicating from a client to a server the client's understanding of the binding between connection security, as represented by a TLS server cert, and higher level authentication credentials, such as a username and password. The server can then detect if the client has been fooled by a MITM and shutdown the session or connection.
The feature is controlled through a new system property `jdk.https.negotiate.cbt` which is described fully in [Networking Properties](https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/net/doc-files/net-properties.html#jdk.https.negotiate.cbt).
Channel binding tokens are increasingly required as an enhanced form of security. They work by communicating from a client to a server the client's understanding of the binding between connection security, as represented by a TLS server cert, and higher level authentication credentials, such as a username and password. The server can then detect if the client has been fooled by a MITM and shutdown the session or connection.
The feature is controlled through a new system property `jdk.https.negotiate.cbt` which is described fully in [Networking Properties](https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/net/doc-files/net-properties.html#jdk.https.negotiate.cbt).
- backported by
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-