Transport Level Security (TLS) 1.2 will be set by default to the next version of standard Java, that is coming on March 18. The TLS will provide encrypted internet communications, but will not completely solve Java’s security problems, as Java’s encrypted communications no panacea for security problems explains.
TLS version 1.2 will be enabled in Java Development Kit (JDK) 8. As introduced in a Java Platform Group blog post, the protection of internet communications against eavesdropping will be provided by version 1.2 of TLS, which will also be compatible with versions 1.0 and 1.1. Conversations between two parties will be encrypted, so that no one can read or modify them. When certificate authorities are set too, then a satisfied level of trust is reached.
Security problems have been around in client-side Java over the last years. So TLS plans to solve them. Particularly, as Eve Maler, security analyst at Forrester Research explains, TLS will ensure that no data is exposed to third parties, the parties know for sure who they are communicating with and no malware-ridden message is received by a party. Though, Maler explains, the problem is that older versions of Java platform are still vulnerable.
Oracle emphasizes the need for users to upgrade to Java 8, but since there are many applications tied to older versions, it will be difficult for some users to upgrade.
TLS is the successor to Secure Sockets Layer. TLS 1.2 appeared in JDK 7 in 2011, disabled on clients but enabled by default on server sockets.Related Whitepaper:
Bulletproof Java Code: A Practical Strategy for Developing Functional, Reliable, and Secure Java Code
Use Java? If you do, you know that Java software can be used to drive application logic of Web services or Web applications. Perhaps you use it for desktop applications? Or, embedded devices? Whatever your use of Java code, functional errors are the enemy!
To combat this enemy, your team might already perform functional testing. Even so, you're taking significant risks if you have not yet implemented a comprehensive team-wide quality management strategy. Such a strategy alleviates reliability, security, and performance problems to ensure that your code is free of functionality errors.Read this article to learn about this simple four-step strategy that is proven to make Java code more reliable, more secure, and easier to maintain.