JDK-8301626 : Capture Key Exchange information in TLSHandshakeEvent
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Priority: P3
  • Status: Open
  • Resolution: Unresolved
  • Submitted: 2023-02-01
  • Updated: 2024-07-26
Related Reports
Relates :  
JDK-8301700 - Increase the default TLS Diffie-Hellman group size from 1024-bit to 2048-bit
Description
It would be useful to also log information related to TLS key exchange phase, such as the key exchange mode, the size of the DH key, and the signature algorithm.
Comments
current prototype looking at broadening the number of fields captured in TLSHandshakeEvent to include: * sessionId * isResumingSession (e.g.) true * key exchange keyLength (e.g.) 255 * key exchange keyType (e.g. ("XDH") (might also add a "isServerRole" boolean to record whether the handshake details are from client or server endpoint) The SSLAlgorithmConstraints data held in the handshakeContext algorithmConstraints looks like a suitable class to hold reference to the key details used during the key exchange phase. This data can then be access in the Finished consumer where the JFR event is committed.
26-07-2024