JDK-8046294 : Generate the 4-byte timestamp randomly
- Type: Bug
- Component: security-libs
- Sub-Component: javax.net.ssl
- Priority: P3
- Status: Closed
- Resolution: Fixed
- Submitted: 2014-06-09
- Updated: 2016-06-13
- Resolved: 2016-05-23
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 9 |
|---|
9 b120Fixed  |
Related Reports
|
Blocks :
|
Description
Section 3.3.2, NIST SP 800-52: --------------------------------------------- The server random value, sent in the ServerHello message, contains a 4-byte timestamp[*] value and 28-byte random value. The validated random number generator shall be used to generate the 28-byte random value of the server random value. The validated random number generator should be used to generate the 4-byte timestamp of the server random value. Section 4.3.2, NIST SP 800-52: --------------------------------------------- The validated random number generator shall be used to generate the 28-byte random value of the client random value. The validated random number generator should be used to generate the 4-byte timestamp of the client random value. [*] The timestamp value does not need to be correct in TLS. It can be any 4-byte value, unless otherwise restricted by higher-level or application protocols.
Comments
|