Keeping Network Traffic Safe in JDK 8 with TLS 1.3 -

Network Traffic Security

For those of you old enough to remember the film, Marathon Man, there’s a famous scene with the quote, “Is it safe?” Azul has just ensured that the answer to that question is yes when posed about running an application on Java SE 8 that transfers data across a network.

In a networked environment, it is often vital to ensure that data is transferred securely. The Internet was designed to adapt to changes in topology with packets routed dynamically to cope with nodes appearing and disappearing. Although this is good for withstanding a nuclear attack (one of the initial requirements of the ARPANET, the precursor to the Internet), it makes the interception of packets a simple task. From the beginning of the world wide web protocols have been developed to encrypt networked data. This started with the Secure Sockets Layer (SSL), developed by Netscape to allow the implementation of https for web traffic. Without going into too much detail, it’s ironic that SSL 1.0 was never publicly released and SSL 2.0 only lasted for a year because of significant security flaws!

Transport Layer Security (TLS) was introduced as a replacement for SSL in 1999 and has lasted well. TLS 1.2 was released in 2008 with a variety of updates to ensure stronger encryption of data. With advances in processing power and the ability to brute-force break an increasing number of ciphers, TLS 1.3 was released in August last year using stronger cryptographic algorithms.

The Java platform implements changes to the standards that it uses as they become available. In the case of TLS 1.3, this was included in JDK 11 but was not backported to JDK 8. Until now.

The majority of Java users are still running JDK 8 in production, and we at Azul considered it essential that users of Zulu Community and Enterprise Editions should be able to take advantage of this.

To ensure full backwards compatibility, we are making TLS 1.3 support available to customers and the entire Java 8 community who wish to validate their applications. Plus, we’ve open sourced TLS 1.3 support for JDK 8 under the OpenJSSE.org project on GitHub.

If you need better security in your networked Java deployments why not give it a try?