Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8341346 Add support for exporting TLS Keying Material
  3. JDK-8356668

Release Note: Add Support for TLS Keying Material Exporters to JSSE and SunJSSE Provider

XMLWordPrintable

      This enhancement adds support for TLS (Transport Layer Security) Keying Material Exporters, which allow applications to generate additional application-level keying material from a connection's negotiated TLS keys.

      This change enables support for several additional protocols, including those labels registered in the [IANA TLS Parameters-Exporter Label](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels) document.

      This functionality is described in [RFC 5705](https://www.rfc-editor.org/rfc/rfc5705.html) for TLSv1-TLSv1.2, and [RFC 8446](https://www.rfc-editor.org/rfc/rfc8446.html) for TLSv1.3. The feature can be accessed via two new APIs in the `javax.net.ssl.ExtendedSSLSession` class:

          public SecretKey exportKeyingMaterialKey(String keyAlg,
                  String label, byte[] context, int length) throws SSLKeyException
          public byte[] exportKeyingMaterialData(
                  String label, byte[] context, int length) throws SSLKeyException

            wetmore Bradford Wetmore
            wetmore Bradford Wetmore
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: