  1. JDK
  2. JDK-8279842 HTTPS Channel Binding support for Java GSS/Kerberos
  3. JDK-8285240

Release Note: HTTPS Channel Binding support for Java GSS/Kerberos

    Details

    • Type: Sub-task
    • Status: In Progress
    • Priority: P4
    • Resolution: Unresolved
    • Affects Version/s: 8u341, 11.0.16-oracle, 17.0.4-oracle, 19
    • Fix Version/s: 19
    • Component/s: core-libs
    • Understanding: Cause Known

        Description

        Support has been added for TLS channel binding tokens for Negotiate/Kerberos authentication over HTTPS through javax.net.ssl.HttpsURLConnection.

        Channel binding tokens are increasingly required as an enhanced form of security that can mitigate certain kinds of socially engineered man-in-the-middle (MITM) attacks. They work by communicating from a client to a server the client's understanding of the binding between connection security (as represented by a TLS server certificate) and higher-level authentication credentials (such as a username and password). The server can then detect whether the client has been fooled by a MITM and shut down the session or connection.

        The feature is controlled through a new system property, `jdk.https.negotiate.cbt`, which is described fully at the following page: https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/net/doc-files/net-properties.html#jdk.https.negotiate.cbt
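
The following is an added example, not code from the JDK or from this release note: it shows how a binding value derived from the TLS server certificate lets the server notice that the client saw a different certificate. It assumes the `tls-server-end-point` binding type of RFC 5929, which this page does not name; the class and method names are hypothetical, and the direct comparison stands in for the check that happens inside the Kerberos exchange.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

public class EndpointBindingDemo {
    static final byte[] PREFIX = "tls-server-end-point:".getBytes(StandardCharsets.US_ASCII);

    // RFC 5929 section 4.1: hash with the certificate signature's hash function,
    // but use SHA-256 when that function is MD5 or SHA-1.
    static String bindingHash(String sigAlgName) {
        String name = sigAlgName.toUpperCase(Locale.ROOT);
        int with = name.indexOf("WITH");
        if (with <= 0) {
            // No single hash in the name (RFC 5929 leaves this case undefined).
            throw new IllegalArgumentException("no single hash in " + sigAlgName);
        }
        switch (name.substring(0, with)) {
            case "MD5": case "SHA1": case "SHA256": return "SHA-256";
            case "SHA384": return "SHA-384";
            case "SHA512": return "SHA-512";
            default: throw new IllegalArgumentException("unsupported hash in " + sigAlgName);
        }
    }

    // For a real X509Certificate, pass cert.getEncoded() and cert.getSigAlgName().
    static byte[] endpointBinding(byte[] certDer, String sigAlgName) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance(bindingHash(sigAlgName)).digest(certDer);
        byte[] binding = new byte[PREFIX.length + digest.length];
        System.arraycopy(PREFIX, 0, binding, 0, PREFIX.length);
        System.arraycopy(digest, 0, binding, PREFIX.length, digest.length);
        return binding;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins for DER-encoded certificates (not real certificates).
        byte[] serverCert = "constructed: genuine server certificate".getBytes(StandardCharsets.US_ASCII);
        byte[] relayCert = "constructed: certificate shown by an intermediary".getBytes(StandardCharsets.US_ASCII);

        byte[] serverView = endpointBinding(serverCert, "SHA256withRSA"); // server's own certificate
        byte[] direct = endpointBinding(serverCert, "SHA256withRSA");     // client connected directly
        byte[] relayed = endpointBinding(relayCert, "SHA256withRSA");     // client saw another certificate

        // The server accepts authentication only when the client's binding matches its own.
        System.out.println("direct connection accepted:  " + MessageDigest.isEqual(serverView, direct));
        System.out.println("relayed connection accepted: " + MessageDigest.isEqual(serverView, relayed));
    }
}
```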

                People

                Assignee:
                michaelm Michael McMahon
                Reporter:
                michaelm Michael McMahon
                Votes:
                0
                Watchers:
                3