JDK-4873188 : Support TLS 1.1
- Type: Enhancement
- Component: security-libs
- Sub-Component: javax.net.ssl
- Affected Version: 1.4.0,5.0,6,7
- Priority: P3
- Status: Closed
- Resolution: Fixed
- OS: generic
- CPU: generic
- Submitted: 2003-06-03
- Updated: 2020-07-22
- Resolved: 2011-03-07
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 7 |
|---|
7 b118Fixed  |
Related Reports
|
Duplicate :
|
|
|
Duplicate :
|
|
|
Duplicate :
|
|
|
Relates :
|
|
|
Relates :
|
|
|
Relates :
|
Description
TLS 1.1 (http://www.ietf.org/internet-drafts/draft-ietf-tls-rfc2246-bis-04.txt) will complete WG last call on June 10, 2003. We should support it when standardization is complete.
TLS 1.1 was issued as the Standards Track in April 2006, RFC 4346. http://www.ietf.org/rfc/rfc4346.txt. The major changes from TLS 1.0 are:
- The implicit Initialization Vector (IV) is replaced with an
explicit IV to protect against CBC attacks [CBCATT].
- Handling of padding errors is changed to use the bad_record_mac
alert rather than the decryption_failed alert to protect against
CBC attacks.
- IANA registries are defined for protocol parameters.
- Premature closes no longer cause a session to be nonresumable.
- Additional informational notes were added for various new attacks
on TLS.
Comments
|