Weak cryptographic algorithms can now be disabled in the Java SE 7 release. The MD2 Message-Digest Algorithm is disabled by default in the Sun PKIX provider and the SunJSSE provider.
The MD2 algorithm is a cryptographic hash function developed by Ronald Rivest in 1989 and published in 1992 as an Informational RFC (RFC 1319). RFC 6149 moves RFC 1319/MD2 to historic status: "Since its publication, MD2 has been shown to not be collision-free, albeit successful collision attacks for properly implemented MD2 are not that damaging. Successful pre-image and second pre-image attacks against MD2 have been shown."
Although MD2 is no longer considered secure, it remains in use in public key infrastructures as part of certificates generated with MD2 and RSA. As a countermeasure to this vulnerability, Java SE has disabled the MD2 algorithm in certification path building and validation.
You may wonder: Java SE has disabled the MD2 algorithm in certification path building and validation in the latest…
RFC 5288 describes the use of AES in Galois Counter Mode (GCM) (AES-GCM) with various key exchange mechanisms as a cipher suite for TLS. AES-GCM is an authenticated encryption with associated data (AEAD) cipher (as defined in TLS 1.2) providing both confidentiality and data origin authentication.
Java SE 7 already defined the AES-GCM interfaces. In the coming Java SE 8, as the implementation of JEP 115, the AES-GCM algorithms are implemented in the SunJCE provider, and the AES-GCM cipher suites are implemented in the SunJSSE provider.
The following SSL/TLS AEAD/GCM cipher suites, in preference order, are enabled by default in the SunJSSE provider for TLS version 1.2:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
TLS_RSA_WITH_AES_256_GCM_SHA384 (RFC 5288)
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
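As an added example (not code from the original post or from the JDK), a client that restricts a JSSE connection to TLS 1.2 and to the GCM suites listed above, in the listed order, and fails closed when the provider implements none of them (as Java 7 SunJSSE does not). The host and port are placeholders supplied on the command line.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class GcmOnlyClient {
    // The suites and preference order from the text, used here as a local client policy.
    static final String[] PREFERRED_GCM_SUITES = {
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
    };

    /** Keeps only the preferred suites this JSSE provider implements, preserving preference order. */
    static String[] selectSupported(String[] preferred, String[] supported) {
        List<String> available = Arrays.asList(supported);
        List<String> chosen = new ArrayList<String>();
        for (String suite : preferred) {
            if (available.contains(suite)) chosen.add(suite);
        }
        return chosen.toArray(new String[chosen.size()]);
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "example.com"; // placeholder host
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // default trust store (cacerts), no client certificate
        SSLSocketFactory factory = ctx.getSocketFactory();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        String[] suites = selectSupported(PREFERRED_GCM_SUITES, socket.getSupportedCipherSuites());
        if (suites.length == 0) {
            throw new IllegalStateException("this JSSE provider implements no GCM suite (Java 7 SunJSSE?)");
        }
        SSLParameters params = socket.getSSLParameters();
        params.setProtocols(new String[] { "TLSv1.2" }); // GCM suites exist only in TLS 1.2
        params.setCipherSuites(suites);
        params.setEndpointIdentificationAlgorithm("HTTPS"); // verify the host name against the cert
        socket.setSSLParameters(params);
        socket.startHandshake();
        System.out.println("negotiated " + socket.getSession().getProtocol()
                + " with " + socket.getSession().getCipherSuite());
        socket.close();
    }
}
```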
What's OCSP Stapling?
OCSP stapling, also known as the TLS Certificate Status Request extension, is an alternative approach to the Online Certificate Status Protocol (OCSP) for checking the revocation status of X.509 digital certificates. It allows the presenter of a certificate to bear the resource cost involved in providing OCSP responses, instead of the issuing Certificate Authority (CA). [WIKI]
With OCSP stapling, it is the responsibility of the web site to obtain the OCSP response and send it to clients/browsers during the SSL/TLS handshake.
OCSP stapling is defined as the TLS Certificate Status Request extension in section 8 of RFC 6066.
The Benefits of OCSP Stapling
The performance bottleneck of the OCSP server
If a client checks the certificate status directly with the OCSP server, the OCSP server has to respond with the status of that particular certificate for every client presenting it. For a high-traffic web site, the OCSP server is likely to be the performance bottleneck…