JEP 115: AES-GCM CipherSuites in JDK 8

Chengdu, China
RFC 5288 describes the use of AES in Galois Counter Mode (GCM) (AES-GCM) with various key exchange mechanisms as a cipher suite for TLS. AES-GCM is an authenticated encryption with associated data (AEAD) cipher (as defined in TLS 1.2) providing both confidentiality and data origin authentication.

Java SE had already defined the AES-GCM interfaces in Java SE 7.  In the coming Java SE 8, as an implementation of JEP 115, AES-GCM algorithms is implemented in SunJCE provider, and AES-GCM cipher suites are implemented in SunJSSE provider.

The following SSL/TLS AEAD/GCM cipher suites, in preference order, are enabled by default in SunJSSE provider for TLS version 1.2:
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
 
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
    TLS_RSA_WITH_AES_256_GCM_SHA384 (RFC 5288)
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (RFC 5288)
    TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (RFC 5288)
 
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
    TLS_RSA_WITH_AES_128_GCM_SHA256 (RFC 5288)
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (RFC 5288)
    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (RFC 5288)

The following SSL/TLS AEAD/GCM cipher suites are supported but not enabled by default in SunJSSE provider for TLS version 1.2:
    TLS_DH_anon_WITH_AES_256_GCM_SHA384 (RFC 5288)
    TLS_DH_anon_WITH_AES_128_GCM_SHA256 (RFC 5288)

The following SSL/TLS AEAD/GCM cipher suites are defined, but not implemented or supported by SunJSSE provider:
    TLS_DH_RSA_WITH_AES_128_GCM_SHA256 (RFC 5288)
    TLS_DH_RSA_WITH_AES_256_GCM_SHA384 (RFC 5288)
 
    TLS_DH_DSS_WITH_AES_128_GCM_SHA256 (RFC 5288)
    TLS_DH_DSS_WITH_AES_256_GCM_SHA384 (RFC 5288)

For better compatibility and interoperability, in JDK 8, it is decided to decrease the preference priority of cipher suites in GCM mode for a while before GCM technologies mature in the industry. New developments in TLS security have occurred recently, the industry is moving towards TLS 1.1/1.2 and the use of GCM-based cipher suites. The preference priority of GCM-based cipher suites by default may be increased in JDK 9, or a JDK 8 update release in the future.

Enojoy this new feature!

Popular posts from this blog

Java™ SE 7 Release Security Enhancements - Weak Cryptography Control

JSSE Oracle Provider Preference of TLS Cipher Suites