Crypto Code and OpenJDK
I just got a question about the status of the crypto code in OpenJDK that referred to the limitations mentioned in my blog post from last May. Back then some of the encryption code was not open sour...

Security Unit and Regression Tests on OpenJDK
One thing I forgot to mention in my earlier entry is that apart from the implementation source code we also have a large number of unit and regression tests available on OpenJDK. For security alone, ...

Modules and Security on OpenJDK
I'd like to say a few words about the projects and code on OpenJDK that I am involved with. First off, if you are interested in reading the JDK source code and maybe even contributing, I suggest sta...

JavaOne Pen with USB Flash Drive
I finally went through the contents of my JavaOne backpack this weekend. Along with the usual promotional materials there was a small case with a pen - as far as I recall this was the speaker gift. I...

JavaOne Recap
Brief JavaOne recap now that I have had a weekend to recover: Good announcements, in particular OpenJDK and JavaFX Script. Not a lot of hype about them, which is a good thing: it lets people work ...

JavaOne 2007
JavaOne is upon us once again. Here is a list of the sessions and BOFs related to the work that I am involved in: Tuesday 9pm: BOF-2400: Modularity in the Next-Generation Java Platform, Standard E...

From No Charge To Free
I first became aware of Java in the fall of 1995 sometime after the Netscape announcement and long before I joined Sun. It was around the release of JDK 1.0 beta as I was working on a paper on Java s...

Firefox 2.0, ECC, and Java
Firefox 2.0 was just released today, you should get it! Among many other features it includes support for SSL/TLS ciphersuites that utilize Elliptic Curve Cryptography (ECC). They interoperate very n...

No more 'unable to find valid certification path to requested target'
Some of you may be familiar with the (not very user friendly) exception message javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.securit...

Security feature planning for JDK 7
We are currently in the process of deciding on the security features to tackle for JDK 7. Actually, we have been in various stages of this planning process for quite a while. There is no shortage of ide...

Default SSLContext and SSLParameters
They say you cannot claim to have a blog unless you post something at least once a month. That means I am due ;-) So let me talk a bit about a couple of small API changes we made in JSSE: SSLContext....

Mustang Security Docs Updated
I finally got around to updating the security documentation with all the new features added in Java SE 6 that I have been talking about over the past few months ([1], [2], [3], [4], [5]). Let's go th...

ECC Updates and RFC 4492
Mustang build 85 was just posted to java.net. It includes the fix for 6414980, which are the ECC changes I alluded to last time. Specifically it: adds support for the Signature algorithms SHA256w...

Slides for Secure Coding Antipatterns: Avoiding Vulnerabilities
I hope you all had a good time at JavaOne this year, whether you attended in person or watched the webcasts and presentation slides online. I certainly enjoyed it, but I am still recovering from the e...

Java Secure Coding Talk at JavaOne
It's that time of year again - JavaOne season. This year Charlie Lai and I are presenting a session entitled Secure Coding Antipatterns: Avoiding Vulnerabilities. The short short summary is that many ...

Elliptic Curve Cryptography in Java
The latest Mustang build 81 available on java.net includes support for an interesting new technology: Elliptic Curve Cryptography (ECC). Basically, ECC refers to a set of public key cryptosystems....

Hashing a file in 3 lines
As I was working on a Peabody contribution recently, I remembered a short program I wrote a couple of years ago. It shows that you can calculate the message digest of a file in 3 lines of code. Of cou...

The Java PKCS#11 Provider and NSS
Mustang beta has just been released. Read all about it in Mark's blog and if you have not been running the snapshots, you should definitely download and try out the beta. But you knew all that alrea...

Crypto acceleration included
Today Sun announced two truly terrific servers, the Sun Fire T2000 and the T1000. For many workloads, they are simply the fastest 2RU/1RU machines on the planet. Just check out the benchmarks. Plus, ...

JSSE now fully pluggable
J2SE 5.0 Update 6 was just released yesterday. One change I want to highlight is that the JSSE framework is now fully pluggable. This means you can use any 3rd party JSSE provider you wish. No restric...

First (semi-real) post
OK, so here I am. Not that I have anything interesting to write about right now. For the future, my plan is to post little tidbits, debugging tips, and information about things I am currently working ...