Transport Level Security (TLS) 1.2 will be set by default to the next version of standard Java, that is coming on March 18. The TLS will provide encrypted internet communications, but will not completely solve Java’s security problems, as Java’s encrypted communications no panacea for security problems explains.
TLS version 1.2 will be enabled in Java Development Kit (JDK) 8. As introduced in a Java Platform Group blog post, the protection of internet communications against eavesdropping will be provided by version 1.2 of TLS, which will also be compatible with versions 1.0 and 1.1. Conversations between two parties will be encrypted, so that no one can read or modify them. When certificate authorities are set too, then a satisfied level of trust is reached.
Security problems have been around in client-side Java over the last years. So TLS plans to solve them. Particularly, as Eve Maler, security analyst at Forrester Research explains, TLS will ensure that no data is exposed to third parties, the parties know for sure who they are communicating with and no malware-ridden message is received by a party. Though, Maler explains, the problem is that older versions of Java platform are still vulnerable.
Oracle emphasizes the need for users to upgrade to Java 8, but since there are many applications tied to older versions, it will be difficult for some users to upgrade.
TLS is the successor to Secure Sockets Layer. TLS 1.2 appeared in JDK 7 in 2011, disabled on clients but enabled by default on server sockets.
