Feature #87736

DevsOnly: TLS 1.3 and faster GCM cipher support

Added by jiaz about 1 month ago. Updated about 1 month ago.

Status: Closed
Start date: 02/18/2020
Priority: High
Due date:
Assignee: jiaz
% Done: 100%
Category: DevsOnly
Target version: -
Resolution: Wont Fix

Description

TLS 1.3 support:
  1. officially supported by Java >= 11
  2. we can add backported support for Java 8 via https://github.com/openjsse/openjsse, https://github.com/openjsse/openjsse/issues/5 and https://github.com/square/okhttp/pull/5369/files
     1. edit the java.security config file
     2. Register with Security.insertProviderAt, org.openjsse.net.ssl.OpenJSSE
     3. Direct usage of org.openjsse.sun.security.ssl.SSLSocketFactoryImpl
  3. use Azul, https://www.azul.com/downloads/zulu-community, uses openjsse
  4. wait for maybe backported support for Java 8, https://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-November/010573.html

GCM performance: (even more important on low-power systems like NAS devices)
https://stackoverflow.com/questions/48905291/java-9-aes-gcm-performance

  1. Java 9 already contains several optimizations for higher GCM cipher suite performance
  2. Java 11 contains even more optimizations, especially 11.0.4
  3. optionally add support for https://github.com/wildfly-security/wildfly-openssl, a JSSE Provider that makes use of the OpenSSL native library.
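
The runtime-registration option from the description (Security.insertProviderAt with org.openjsse.net.ssl.OpenJSSE), as an added example that is not part of the ticket or of the project's code. The class name `Tls13Probe` and the helper names are hypothetical; the provider is loaded reflectively, so the same file also runs on Java 11+ without the OpenJSSE jar and reports what the runtime supports.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class Tls13Probe { // hypothetical class name, not from the ticket
    // Provider class named in the ticket; loaded reflectively so this file
    // compiles and runs even when the OpenJSSE jar is absent.
    static final String OPENJSSE = "org.openjsse.net.ssl.OpenJSSE";

    /** Puts OpenJSSE ahead of the built-in JSSE; false if the class is unavailable. */
    static boolean registerOpenJsse() {
        try {
            Provider p = (Provider) Class.forName(OPENJSSE).getDeclaredConstructor().newInstance();
            Security.insertProviderAt(p, 1); // position 1 = most preferred
            return true;
        } catch (ReflectiveOperationException | LinkageError e) {
            return false; // fall back to the runtime's own JSSE
        }
    }

    /** TLS 1.3/1.2 only, and only the default-enabled suites that use GCM. */
    static SSLParameters restrictedParameters(SSLContext ctx) {
        String[] protocols = Arrays.stream(ctx.getSupportedSSLParameters().getProtocols())
                .filter(p -> p.equals("TLSv1.3") || p.equals("TLSv1.2"))
                .toArray(String[]::new);
        // Start from the default-enabled list so anonymous/NULL suites stay off.
        String[] suites = Arrays.stream(ctx.getDefaultSSLParameters().getCipherSuites())
                .filter(s -> s.contains("_GCM_"))
                .toArray(String[]::new);
        return new SSLParameters(suites, protocols);
    }

    public static void main(String[] args) throws Exception {
        boolean openJsse = registerOpenJsse();
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key/trust managers and SecureRandom
        SSLParameters params = restrictedParameters(ctx);
        System.out.println("Java " + System.getProperty("java.version")
                + ", OpenJSSE registered: " + openJsse
                + ", context provider: " + ctx.getProvider().getName());
        System.out.println("Protocols:  " + Arrays.toString(params.getProtocols()));
        System.out.println("GCM suites: " + Arrays.toString(params.getCipherSuites()));
        if (!Arrays.asList(params.getProtocols()).contains("TLSv1.3")) {
            System.out.println("TLS 1.3 is not available on this runtime");
        }
    }
}
```

The returned `SSLParameters` can be applied to a connection with `SSLSocket.setSSLParameters` or `SSLEngine.setSSLParameters`.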

Related issues

Blocks Bug #87701: High CPU load on https/SSL downloads Closed 01/31/2020
