Bug ID: JDK-8283795 Add TLSv1.3 and CNSA 1.0 algorithms to implementation requirements

JDK-8283795 : Add TLSv1.3 and CNSA 1.0 algorithms to implementation requirements

Type: Enhancement
Component: security-libs
Sub-Component: java.security

Priority: P3
Status: Resolved
Resolution: Fixed

Submitted: 2022-03-28
Updated: 2025-01-20
Resolved: 2025-01-09

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 25
25 b06Fixed

Related Reports

CSR :	JDK-8346684 - Add TLSv1.3 and CNSA 1.0 algorithms to implementation requirements
Relates :	JDK-5001004 - Required Security Algorithms need to be defined
Relates :	JDK-8176745 - Drop SSLContext TLSv1 cipher suite requirements
Relates :	JDK-8214443 - Remove TLS v1 and v1.1 from SSLContext required algorithms
Relates :	JDK-8214483 - Remove algorithms that use MD5 or DES from security requirements
Relates :	JDK-8015388 - Required algorithms for JDK 9

Sub Tasks

JDK-8347354 :

Release Note: Added TLSv1.3 and CNSA 1.0 Algorithms to Implementation Requirements - Resolved

Description

Periodically, we review the algorithm requirements [1] to see if new algorithms should be added or existing ones should be removed. We propose to add the following new requirements:

- Add TLSv1.3 to the list of requirements. TLSv1.3 is the most secure protocol version and is in wide use. Add all cryptographic algorithms that are needed to implement the TLSv1.3 cipher suites and signature mechanisms that are defined by https://www.rfc-editor.org/rfc/rfc8446 as MUST or SHOULD requirements. 

- Add the algorithms that are required by CNSA 1.0. CNSA 1.0 support was added in JDK 19: https://bugs.openjdk.org/browse/JDK-8267319.

No required algorithms or protocols are being removed at this time.

[1] https://docs.oracle.com/en/java/javase/23/docs/specs/security/standard-names.html#security-algorithm-implementation-requirements

Comments

Changeset: 3bfa9521 Branch: master Author: Sean Mullan <mullan@openjdk.org> Date: 2025-01-09 17:34:20 +0000 URL: https://git.openjdk.org/jdk/commit/3bfa9521d5b7e702e842fe1297dbb2ed643f0b0a

09-01-2025

A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/22904 Date: 2025-01-02 14:41:48 +0000

02-01-2025

noreg-jck label added - the existing JCK tests which test for required algorithms should be updated.

02-01-2025