Explore how Oracle is enhancing JDK security in this 44-minute conference talk by Sean Mullan. Discover new JDK 9 security features, including SHA-3, OCSP stapling, DTLS, and DRBG SecureRandom. Learn about the default security configuration that protects applications from weak cryptographic algorithms and the disabling of SHA-1 certificates. Understand the cryptographic roadmap, Java security components, and the implementation of unlimited cryptographic policy by default. Gain insights into PKCS12 keystores, CPU instructions for GHASH and RSA, and TLS Application Layer Protocol Negotiation Extension. Examine the module system security features and their impact on Java application security in today's internet-connected world.
Making the JDK More Secure - New Features and Default Configuration
Overview
Syllabus
Intro
Program Agenda
Making the JDK More Secure
Java Security Components
Making the DK Secure by Default
Cryptographic Roadmap
Disable SHA-1 Certificates
Enable Unlimited Cryptographic Policy By Default
Configuring the Restrictions
Default Restrictions
Restrictions Example
JDK 9 Security Features
Create PKCS12 Keystores by Default
Leverage CPU Instructions for GHASH and RSA
DRBG-Based Secure Random Implementations
OCSP Stapling for TLS
TLS Application Layer Protocol Negotiation Extension
Datagram Transport Layer Security (DTLS)
Other Module System Security Features
Conclusion
Taught by
Java
