While the recently released Java 23 features a dozen official APIs, including a second-class file API preview and an eighth incubator of a vector API, it also arrives with numerous security capabilities. Crypto-secured enhancements propel safety advancements through streamlined Kerberos and PKI integrations.
was launched on September 17.
Sean Mullan, Technical Lead of the Java Safety Libraries team at Oracle, has published a timely update highlighting the key features of JDK 23’s security capabilities. Mullan achieved a duplicate record in March. For , the CipherInputStream The buffer size was increased from 512 bytes to 8,192 bytes. This will significantly boost efficiency and aligns precisely with established buffer size standards for various APIs, mirroring java.io.FileInputStream. The streamlined process of establishing a… java.safety.SecureRandom object by way of new SecureRandom() was improved. Additionally for the crypto API, a novel PKCS11 configuration attribute named “crypto.api.p11.attribute.name” will facilitate seamless integration with the existing infrastructure. allowLegacy was launched. Can functions set this value to “true” in order to bypass legacy checks? The default worth is “false.”
Within the Public Key Infrastructure (PKI) realm, new root Certificate Authority (CA) certificates have been successfully added to the cacerts keystore, alongside existing trusted roots. CN=Actually Root R1, 0=Actually, C=US and CN=Actually Root E1, O=Actually, C=US. Additionally, the feature set includes two new GlobalSign root certificates, along with CN=GlobalSign Root CA - R46, O=GlobalSign nv-sa, C=BE and CN=GlobalSign Root Certificate, O=GlobalSign NV-SA, C=BE. Moreover, a brand new javasecurity.Keystore named KeychainStore-ROOT Is certified by Apple as a safety supplier. The system’s keystore stores root certificates that are securely kept in the system keychain for use by macOS applications. The technology company’s supplier has recently begun supporting a dual-key architecture, facilitating secure transactions with both. KeychainStore-Root and the present KeychainStore The solution seamlessly integrates support for both public and private keys, as well as certificates, ensuring seamless storage and management within the consumer’s keychain. This enhancement resolves issues causing HTTP connection failures due to the Java Development Kit (JDK) being unable to validate the peer’s certificate chain by verifying its trust in the root certificate store.
