Core Java

Java 8 will use Transport Level Security (TLS) 1.2 as default

Transport Level Security (TLS) 1.2 will be set by default to the next version of standard Java, that is coming on March 18. The TLS will provide encrypted internet communications, but will not completely solve Java’s security problems, as Java’s encrypted communications no panacea for security problems explains.

TLS version 1.2 will be enabled in Java Development Kit (JDK) 8. As introduced in a Java Platform Group blog post, the protection of internet communications against eavesdropping will be provided by version 1.2 of TLS, which will also be compatible with versions 1.0 and 1.1. Conversations between two parties will be encrypted, so that no one can read or modify them. When certificate authorities are set too, then a satisfied level of trust is reached.

Security problems have been around in client-side Java over the last years. So TLS plans to solve them. Particularly, as Eve Maler, security analyst at Forrester Research explains, TLS will ensure that no data is exposed to third parties, the parties know for sure who they are communicating with and no malware-ridden message is received by a party. Though, Maler explains, the problem is that older versions of Java platform are still vulnerable.

Oracle emphasizes the need for users to upgrade to Java 8, but since there are many applications tied to older versions, it will be difficult for some users to upgrade.

TLS is the successor to Secure Sockets Layer. TLS 1.2 appeared in JDK 7 in 2011, disabled on clients but enabled by default on server sockets.

Theodora Fragkouli

Theodora has graduated from Computer Engineering and Informatics Department in the University of Patras. She also holds a Master degree in Economics from the National and Technical University of Athens. During her studies she has been involved with a large number of projects ranging from programming and software engineering to telecommunications, hardware design and analysis. She works as a junior Software Engineer in the telecommunications sector where she is mainly involved with projects based on Java and Big Data technologies.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
Back to top button