OpenJDK Security Development

This forum is an archive for the mailing list security-dev@openjdk.java.net (more options) Messages posted here will be sent to this mailing list.
The term "Security" has broad meanings and interpretations. It spans a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control. The security component thus comprises a large set of APIs, tools, and implementations of commonly-used security algorithms and protocols.

As security concepts such as permissions are tightly interwoven throughout the entire Java source code, these component pages do not address issues in the other primary component areas (language features and virtual machine implementations, core libraries, graphics subsystems, hotspot, serviceability, etc). For a more detailed treatment, please see the corresponding component pages.

The primary emphasis of these pages is to explore the core security components source bases, and hopefully, get developers up to speed quickly.
1234567 ... 248
Topics (8674)
Replies Last Post Views
RFR 8171279: Support X25519 and X448 in TLS 1.3 by Adam Petcher
23
by Xuelei Fan-2
RE: RFR: 8209452: VerifyCACerts.java failed with "At least one cacert test failed" (gtecybertrustglobalca certificate) by Langer, Christoph
3
by Sean Mullan
RFR: JDK-8140466: ChaCha20-Poly1305 TLS cipher suites by Jamil Nimeh
3
by Xuelei Fan-2
RFR (JDK 12): 6899533: SecureClassLoader and URLClassLoader have unnecessary check for createClassLoader permission by Sean Mullan
1
by Mandy Chung
RFR: 8210432: Add additional TeliaSonera root certificate by Rajan Halade
1
by Sean Mullan
Code Review Request, JDK-8210334, TLS 1.3 server fails if ClientHello doesn't have pre_shared_key and psk_key_exchange_modes by Xuelei Fan-2
2
by Bradford Wetmore
RFR 8210338: Better output for GenerationTests.java by Weijun Wang
1
by Xuelei Fan-2
Release note review, JDK-8210070, Release Note: The "supported_groups" extension should not present in the ServerHellos handshake message by Xuelei Fan-2
3
by Alan Bateman
RFR[12] JDK-8209362: sun/security/ssl/SSLSocketImpl/ReuseAddr.java failed due to "BindException: Address already in use (Bind failed)" by sha.jiang
5
by Xuelei Fan-2
RFR 8201317: X25519/X448 code improvements (xs) by Adam Petcher
3
by Xuelei Fan-2
RFR 8209416: Refactoring GetPropertyAction calls in JGSS by Weijun Wang
14
by Alan Bateman
RFR 8209995: java.base does not need to export sun.security.ssl to java.security.jgss by Weijun Wang
3
by Bradford Wetmore
Code Review Request JDK-8209965 : The "supported_groups" extension in ServerHellos by Xuelei Fan-2
3
by Anthony Scarpino
Align SSLSocket and SSLEngine Javadocs by Simone Bordet
3
by Xuelei Fan-2
SSLSocket session resumption not working with TLS 1.3 and 11+27 by Simone Bordet
3
by Adam Petcher
[PATCH]: Support for brainpool curves from CurveDB in SunEC by Tobias Wagner
7
by Bernd Eckenfels-4
Java 11 RC build - HTTPS handshake failure against a previously working server by Jaikiran Pai
9
by Xuelei Fan-2
RFR 6474858 : CardChannel.transmit(CommandAPDU) throws unexpected ArrayIndexOutOfBoundsException by Ivan Gerasimov
2
by Ivan Gerasimov
[12] RFR 8193859: Allow user provided ObjectInputFilter in SealedObject and SignedObject by Weijun Wang
23
by roger riggs
SSLSocket weird behavior in JDK 11+27 by Simone Bordet-3
1
by Xuelei Fan-2
RFR (XS) 8209851 : Algorithm name is compared via reference identity by Ivan Gerasimov
1
by Sean Mullan
JDK-8209129 :Further improvements to cipher buffer management by Seán Coffey
12
by Xuelei Fan-2
RFR 8201290: keytool importcert fails with CertificateParsingException if unknown certificate algorithms should be imported by Weijun Wang
14
by Jamil Nimeh
Re: hg: jdk/jdk: 8186186: GSSContext.isEstablished() can return true on error state by David Holmes
3
by Ivan Gerasimov
SSLEngine weird behavior in 11+21? by Simone Bordet
30
by Xuelei Fan-2
RFR: 8u-dev : 8206911: javax/xml/crypto/dsig/GenerationTests.java fails in 8u-dev by Seán Coffey
1
by Sean Mullan
RFR 8209829: SpnegoUnknownMech.java does not contain the SpnegoUnknownMech class by Weijun Wang
1
by David Holmes
RFR 8186186 : GSSContext.isEstablished() can return true on error state by Ivan Gerasimov
1
by Weijun Wang
RFR11(s): 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy by Bradford Wetmore
5
by Xuelei Fan-2
RFR: Disable all DES cipher suites by Jamil Nimeh
5
by Xuelei Fan-2
RFR - 8203614: Java API SSLEngine example code needs correction by Jamil Nimeh
2
by Bradford Wetmore
RFR: JDK-8208675: Remove legacy sun.security.key.serial.interop property by Seán Coffey
1
by Sean Mullan
RFR[11]: release note for JDK-7007966 "Add Brainpool ECC support (RFC 5639)" by Valerie Peng
3
by Adam Petcher
JDK 12 RFR of JDK-8209024: Use SuppressWarnings on serialVersionUID fields in interfaces by joe darcy
11
by joe darcy
RFR[11] JDK-8209537: Two security tests failed after JDK-8164639 due to dependency was missed by sha.jiang
1
by Rajan Halade
1234567 ... 248