United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6996769 support AEAD ciphers
JDK-6996769 : support AEAD ciphers

Details
Type:
Enhancement
Submit Date:
2010-11-02
Status:
Closed
Updated Date:
2013-07-02
Project Name:
JDK
Resolved Date:
2013-01-08
Component:
security-libs
OS:
generic
Sub-Component:
javax.crypto
CPU:
generic
Priority:
P2
Resolution:
Fixed
Affected Versions:
7
Fixed Versions:

Related Reports
Backport:
Relates:
Relates:

Sub Tasks

Description
TLS 1.2 [RFC 5246] defines AEAD (CCM/GCM) cipher structures, and RFC 5288/5289 defines GCM cipher suite specs.

According to "Suite B Profile for Transport Layer Security" [RFC 5430], "A Suite B compliant TLS version 1.2 or later client MUST offer at least two cipher suites for each supported security level.  For the 128-bit security level, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 MUST be offered in this order in the ClientHello message.  For the 192-bit security level, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 and TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 MUST be offered in this order in the ClientHello message.  One of these cipher suites MUST be the first (most preferred) cipher suite in the ClientHello message."

In order to be Suite-B compliant, GCM ciphers need to be supported in the default JSSE provider.

                                    

Comments
EVALUATION

We'll see if there is time for JDK 7, but may need to wait for the next release.
                                     
2010-11-03
URL:   http://hg.openjdk.java.net/jdk8/jdk8/jdk/rev/46e6a4b7ca26
User:  lana
Date:  2013-01-15 19:00:22 +0000

                                     
2013-01-15
pending verification due to JDK-8009925
                                     
2013-04-12
written to brad, asking if the changes are put back in the repo
                                     
2013-06-10
Not following Nithya's request for this specific issue.  AEAD were put in quite some time ago.  AEAD Ciphersuites were pulled out due to a project developed in parallel, but then put back in.
                                     
2013-06-11
Test development for this feature is complete.
Issues are being tracked by seperate issues.
Marking this as verified.
                                     
2013-06-12
Link to SQE test plan -

http://wiki.se.oracle.com/display/JPG/Test+Plan+-+AEAD+JSSE+CipherSuites
                                     
2013-07-02
URL:   http://hg.openjdk.java.net/jdk8/tl/jdk/rev/46e6a4b7ca26
User:  valeriep
Date:  2013-01-08 21:08:12 +0000

                                     
2013-01-08



Hardware and Software, Engineered to Work Together