Learn More About Security Enhancements in Java SE 8

Oracle constantly works on improving the security of the Java platform. The following security enhancements are new for JDK 8; see JDK 8 Security Enhancements for more details:

  • Client-side TLS 1.2 (an industry standard) enabled by default; improves security of data in transit; see the Protocols section of the SunJSSE Provider and Customizing JSSE
  • Enhanced support for certificate revocation checking; the new PKIXRevocationChecker class lets applications control how OCSP and CRL checks are performed (for example, preferring CRLs, checking only the end-entity certificate, or failing soft) instead of relying on global system properties; see Check Revocation Status of Certificates with PKIXRevocationChecker Class
  • New tool, jdeps, a Java class dependency analyzer, identifies external dependencies (including use of internal JDK APIs) that may negatively impact your applications' ability to upgrade to the latest security patches
  • Type Annotations let you attach annotations to any use of a type, so that pluggable compile-time checkers can verify that your data is consistent with your requirements
  • SSL/TLS Server Name Indication (SNI) Extension is a TLS extension to support virtual hosting environments; previously, HTTPS servers could not be hosted in a virtual hosting infrastructure where multiple domains share the same IP address; see Server Name Indication (SNI) Extension
  • High entropy random number generation; see SecureRandom section of the JCA Reference Guide and the SecureRandom API Specification
  • The cryptographic algorithms in JDK 8 have been enhanced with the SHA-224 variant of the SHA-2 family of message-digest implementations
  • Support for NSA Suite B cryptography has been enhanced
  • The SunPKCS11 provider for Windows now supports 64-bit as well as 32-bit
  • Overhauled JKS-JCEKS-PKCS12 Keystore
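Several of the items above (client-side TLS 1.2, SNI, PKIXRevocationChecker, SHA-224) are exercised together in the following JDK 8 TLS client. This is an added example, not code from the original post or from Oracle's documentation. The target host name and port are assumptions passed in by the caller, and the example assumes it can read the JRE's own cacerts trust store:

```java
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.cert.CertPathBuilder;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.EnumSet;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/** Added example (not from the original post): a JDK 8 TLS client that pins the protocol to
 *  TLS 1.2, sends SNI, verifies the host name, and enforces revocation checking. */
public class HardenedTlsClient {

    /** Trust managers whose revocation policy is explicit. Without a PKIXRevocationChecker
     *  the JDK default trust manager performs no revocation checking at all unless the
     *  ocsp.enable / com.sun.security.enableCRLDP system properties are set. */
    static TrustManagerFactory revocationCheckingTrustManagers() throws Exception {
        // The JRE's bundled CA store; a null password skips the integrity check (read-only use).
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(
                Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts"))) {
            trustStore.load(in, null);
        }

        // New in JDK 8: ask the PKIX provider for its revocation checker and configure it.
        CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX");
        PKIXRevocationChecker rc = (PKIXRevocationChecker) cpb.getRevocationChecker();
        // No options: OCSP is preferred with CRL fallback, every certificate in the chain is
        // checked, and revocation failures are hard failures. Available options are
        // ONLY_END_ENTITY, PREFER_CRLS, NO_FALLBACK and SOFT_FAIL; SOFT_FAIL is deliberately
        // absent so an unreachable responder fails the handshake instead of being ignored.
        rc.setOptions(EnumSet.noneOf(PKIXRevocationChecker.Option.class));

        PKIXBuilderParameters pkix = new PKIXBuilderParameters(trustStore, new X509CertSelector());
        pkix.addCertPathChecker(rc); // an added PKIXRevocationChecker is used regardless of isRevocationEnabled()

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(pkix));
        return tmf;
    }

    /** Open a TLS 1.2-only connection with SNI and HTTPS-style host name verification. */
    static SSLSocket connect(String host, int port) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        // new SecureRandom() is the default seeded CSPRNG. SecureRandom.getInstanceStrong()
        // (new in JDK 8) selects the platform's blocking source and can stall on entropy-starved hosts.
        ctx.init(null, revocationCheckingTrustManagers().getTrustManagers(), new SecureRandom());

        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket();
        SSLParameters params = socket.getSSLParameters();
        params.setProtocols(new String[] {"TLSv1.2"});                            // refuse SSLv3, TLS 1.0, TLS 1.1
        params.setServerNames(Collections.singletonList(new SNIHostName(host)));  // SNI extension
        params.setEndpointIdentificationAlgorithm("HTTPS");                        // certificate name must match host
        socket.setSSLParameters(params);

        socket.connect(new InetSocketAddress(host, port), 10_000);
        socket.startHandshake(); // throws SSLHandshakeException if the chain fails path or revocation checks
        return socket;
    }

    /** SHA-224 fingerprint (digest added in JDK 8) of a certificate, as colon-separated hex. */
    static String sha224Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-224").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Allow CRL Distribution Point lookups for the CRL fallback; off by default in JDK 8.
        System.setProperty("com.sun.security.enableCRLDP", "true");
        String host = args.length > 0 ? args[0] : "www.oracle.com"; // assumed target host
        try (SSLSocket s = connect(host, 443)) {
            X509Certificate leaf = (X509Certificate) s.getSession().getPeerCertificates()[0];
            System.out.println("Negotiated: " + s.getSession().getProtocol());
            System.out.println("Peer:       " + leaf.getSubjectX500Principal());
            System.out.println("SHA-224:    " + sha224Fingerprint(leaf));
        }
    }
}
```

Run it with `java HardenedTlsClient <host>` against a server that publishes OCSP or CRL information. The point worth noting for reviewers is the revocation policy: because the checker is configured in code rather than through `ocsp.enable` and `com.sun.security.enableCRLDP`, the behaviour no longer depends on JVM-wide flags an operator may or may not have set, and without `SOFT_FAIL` a responder outage is surfaced as a handshake failure rather than silently treated as "not revoked".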

Many recent improvements focus on preventing attackers from using malicious applets and Rich Internet Applications (RIAs). These improvements were added in JDK 7 update releases and Critical Patch Updates (CPUs) and are included in JDK 8. They are described in Java Rich Internet Applications Enhancements in JDK 7 and include the following:

  • Ability to set the security level of the Java client in the Java Control panel
  • Ability to disable any Java application from running in the browser
  • JREs have an expiration date; JREs will behave differently after their expiration date, which encourages upgrades; see JDK 7u10 Release Notes
  • Expanded blacklisting support, which includes a certificate and jar blacklist repository maintained by Oracle; see JDK 7u21 Release Notes
  • Recommendation that all applications be privileged (previously called "signed" applications); otherwise, applications are restricted to the security sandbox
  • By default, all certificates are checked using both OCSP and CRLs
  • New JAR file manifest attributes to defend RIAs against unauthorized code repurposing
  • Deployment Rule Set feature enables an enterprise to establish a whitelist of known applications; applications on the whitelist can be run without most security prompts
  • Ability for enterprises who manage their update process to disable checking of JREs if they are expired or below the security baseline
  • Exception Site List feature provides a way for users to run Java applets and Java Web Start applications that do not meet the latest security requirements
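The manifest attributes mentioned above are what stop a legitimately signed JAR from being re-hosted and repurposed by an attacker: `Permissions` fixes the privilege level the JAR may run with (a sandbox JAR cannot be relaunched as all-permissions), and `Codebase` restricts the locations the JAR may be loaded from. The following is an added example of such a manifest, not one taken from the original post; the application name and host are assumptions:

```text
Manifest-Version: 1.0
Application-Name: Payroll Viewer
Permissions: sandbox
Codebase: https://intranet.example.com
Application-Library-Allowable-Codebase: https://intranet.example.com
Caller-Allowable-Codebase: https://intranet.example.com
```

`Permissions` must match what the JNLP file or applet tag requests, otherwise the client refuses to run the application; `Application-Library-Allowable-Codebase` and `Caller-Allowable-Codebase` limit, respectively, where the JNLP or HTML that launches the JAR may be hosted and which pages may call into it from JavaScript. The attributes are only meaningful inside a signed JAR, since the signature is what prevents an attacker from editing them.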

Milton Smith presented the screencast Java 8 Security Highlights during the Java 8 Launch Webcast; it discusses these enhancements.

See What's New in JDK 8 for additional information about other new features in JDK 8.

Download JDK 8 today and try it out!
