Java 9 Security Enhancements
By Pete Freitag
With the General Availability release of Java 9 scheduled for today, I thought it would be appropriate to go over the new features that pertain to security.
Implement HTTP/2 Client
Implementation of an HTTP/2 client in the standard Java SDK. JEP 110
SHA-3 Hash Algorithms
Implements the SHA-3 cryptographic hash functions defined by NIST FIPS 202: SHA3-224, SHA3-256, SHA3-384, and SHA3-512. JEP 287
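As an added example (not from the original post), here is how the four SHA-3 variants are reached through the existing MessageDigest API using the standard algorithm names above. It also shows the check a practitioner wants before relying on them: SHA3-256 of the empty input must equal the FIPS 202 test vector, and getInstance throws NoSuchAlgorithmException on a runtime that predates Java 9. The input string is a constructed sample.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class Sha3Demo {
    // Standard algorithm names for the SHA-3 family in Java 9.
    static final String[] SHA3_ALGORITHMS = {"SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512"};

    // Known-answer test: SHA3-256 of the empty message (FIPS 202 test vector).
    static final String SHA3_256_EMPTY =
        "a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a";

    // Hex-encode a digest by hand (java.util.HexFormat only arrived in Java 17).
    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    static byte[] digest(String algorithm, byte[] input) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(algorithm).digest(input);
    }

    // True when this runtime's providers actually offer the algorithm (false on Java 8).
    static boolean isAvailable(String algorithm) {
        try {
            MessageDigest.getInstance(algorithm);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    // Self-check against the known answer before trusting the implementation.
    static boolean selfTest() throws NoSuchAlgorithmException {
        return SHA3_256_EMPTY.equals(toHex(digest("SHA3-256", new byte[0])));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        System.out.println("SHA3-256 known-answer test passed: " + selfTest());

        byte[] input = "The quick brown fox".getBytes(StandardCharsets.UTF_8); // constructed sample
        for (String alg : SHA3_ALGORITHMS) {
            if (!isAvailable(alg)) {
                System.out.println(alg + ": not available on this runtime");
                continue;
            }
            byte[] d = digest(alg, input);
            // Digest length in bytes is the number in the name divided by 8: 28, 32, 48, 64.
            System.out.printf("%-8s (%2d bytes): %s%n", alg, d.length, toHex(d));
        }
    }
}
```

The same names work with any MessageDigest-based code path (signatures via "SHA3-256withRSA" are a separate algorithm name and not covered here), so existing code can switch by changing the string rather than the API.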
Improve Secure Application Performance
Improves performance of applications that run with a SecurityManager enabled. JEP 232
Disable SHA-1 Certificates
Allows you to disable X.509 certificate chains with SHA-1 based signatures (e.g. for TLS/HTTPS). JEP 288
TLS Application-Layer Protocol Negotiation Extension (ALPN)
Implements the ALPN TLS extension, needed for HTTP/2. JEP 244
Create PKCS12 Keystores by Default
Uses the standard PKCS12 format for new keystores instead of the proprietary JKS format. JEP 229
OCSP Stapling for TLS
Implements OCSP stapling via the TLS Certificate Status Request extension and the Multiple Certificate Status Request extension. JEP 249
Leverage CPU Instructions for GHASH and RSA
Improves the performance of GHASH and RSA by using dedicated CPU instructions. JEP 246
DRBG-Based SecureRandom Implementations
Implements the Deterministic Random Bit Generator (DRBG) mechanisms defined in NIST SP 800-90Ar1. JEP 273
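An added example (not part of the original post) of the new DRBG support. It requests the "DRBG" SecureRandom algorithm with explicit instantiation parameters (security strength, prediction resistance and reseeding capability, and a personalization string), then draws bytes with and without prediction resistance and reseeds explicitly. The personalization string is a constructed value; the DrbgParameters and SecureRandom calls are the Java 9 API.

```java
import java.nio.charset.StandardCharsets;
import java.security.DrbgParameters;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

public class DrbgDemo {
    // Instantiate a DRBG at 256-bit strength that supports both prediction
    // resistance and reseeding. The personalization string is optional and only
    // distinguishes this instance from others seeded from the same entropy source.
    static SecureRandom newDrbg() throws NoSuchAlgorithmException {
        return SecureRandom.getInstance("DRBG",
            DrbgParameters.instantiation(
                256,
                DrbgParameters.Capability.PR_AND_RESEED,
                "example-service-v1".getBytes(StandardCharsets.UTF_8))); // constructed value
    }

    // Draw a 32-byte key with the instance's effective strength.
    static byte[] newKey(SecureRandom rng) {
        byte[] key = new byte[32];
        rng.nextBytes(key);
        return key;
    }

    // Draw a 16-byte nonce with prediction resistance requested: the DRBG must pull
    // fresh entropy before producing these bytes. Strength -1 means "use the
    // instance's effective strength"; additional input is left null.
    static byte[] newNonceWithPredictionResistance(SecureRandom rng) {
        byte[] nonce = new byte[16];
        rng.nextBytes(nonce, DrbgParameters.nextBytes(-1, true, null));
        return nonce;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        SecureRandom rng = newDrbg();
        System.out.println("algorithm : " + rng.getAlgorithm());
        // The effective parameters the provider actually instantiated with
        // (strength, capability, personalization string).
        System.out.println("parameters: " + rng.getParameters());

        byte[] key = newKey(rng);
        byte[] nonce = newNonceWithPredictionResistance(rng);
        System.out.println("key bytes : " + key.length + ", nonce bytes: " + nonce.length);

        // Explicit reseed from the entropy source, again with prediction resistance.
        rng.reseed(DrbgParameters.reseed(true, null));
        System.out.println("reseeded");
    }
}
```

Which DRBG mechanism and digest back the "DRBG" algorithm (Hash_DRBG, HMAC_DRBG or CTR_DRBG) is chosen by the securerandom.drbg.config security property rather than in code; requesting a strength the configured mechanism cannot provide fails at getInstance, which is the right place for it to fail.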
Filter incoming serialization data
Allows filtering of incoming streams of object-serialization data. JEP 290
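As an added example (not from the original post), this shows the JEP 290 allow-list approach on a single ObjectInputStream: only the classes named in the pattern are accepted, the trailing !* rejects everything else, and the maxdepth/maxrefs/maxarray/maxbytes limits bound what a stream can make the reader allocate. The ArrayList and Date payloads are constructed samples; java.util.Date is harmless here and is rejected purely because it is not on the list.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

public class SerialFilterDemo {
    // Pattern syntax from JEP 290: entries are checked left to right, a leading '!'
    // rejects, and the final "!*" rejects any class not explicitly allowed. The
    // max* entries cap graph depth, reference count, array length and stream size.
    // java.lang.Number is listed because Integer's serializable superclass is
    // checked as well.
    static final ObjectInputFilter ALLOW_LIST = ObjectInputFilter.Config.createFilter(
        "java.util.ArrayList;java.lang.Integer;java.lang.Number;"
      + "maxdepth=8;maxrefs=500;maxarray=1000;maxbytes=65536;!*");

    static byte[] serialize(Object value) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(value);
        }
        return bytes.toByteArray();
    }

    // Deserialize with the filter attached to this stream only; the filter runs
    // before any class from the stream is instantiated.
    static Object deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(ALLOW_LIST);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample that matches the allow-list.
        List<Integer> numbers = new ArrayList<>();
        numbers.add(1);
        numbers.add(2);
        numbers.add(3);
        System.out.println("accepted: " + deserialize(serialize(numbers)));

        // Constructed sample that does not: the stream is rejected with
        // InvalidClassException ("filter status: REJECTED") before Date is created.
        try {
            deserialize(serialize(new Date()));
            System.out.println("unexpected: Date was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same pattern string can be applied process-wide without touching code, via the jdk.serialFilter system property on the command line or the jdk.serialFilter security property in java.security, or programmatically with ObjectInputFilter.Config.setSerialFilter; a per-stream filter as above then refines the global one for a specific input.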
Datagram Transport Layer Security (DTLS) API
Defines an API for Datagram Transport Layer Security (DTLS, RFC 4347). JEP 219
Overall some nice security improvements to look forward to.
Java 9 Security Enhancements was first published on September 21, 2017.