JEP 329: ChaCha20 and Poly1305 Cryptographic Algorithms

Jamil Nimeh jamil.j.nimeh at oracle.com
Fri Mar 23 22:32:00 UTC 2018


Hi Thomas,

The TLS cipher suites have been decoupled from the ChaCha20/Poly1305 JEP 
because of the changes in the new handshake design [1] for our JSSE 
provider.  From a programmatic/schedule perspective, it made more sense 
to get the algorithms in ahead of the TLS cipher suites and then add the 
cipher suites once the handshaking code is a bit farther along in its 
implementation.

With respect to a pluggable interface for TLS cipher suites and hello 
extensions, this is an area we have done some investigation on in the 
past, but haven't seriously pursued it due to other features taking a 
higher priority in each release.  It is certainly a topic that we can 
discuss on the alias in terms of how one would go about doing it.

It appears that you've signed an OCA (Oracle Contributor Agreement) but 
I would probably start with discussions on designing APIs for plugging 
in extensions and/or cipher suites before we start looking at code.  
Your thoughts on the design for these features would be welcome.

[1] http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.01/

--Jamil

On 3/22/2018 3:26 PM, Thomas Lußnig wrote:
> Hi,
>
> is there any reason that the cipher and and the tls inclusion is split 
> into two separate jep?
> And the second question is why is there no way for user to add new 
> cipher suites that can
> be used in the tls protocol? Since i extend jdk8 with chacha for tls i 
> know that it would be
> no big issue to add an API that allow to add new CipherSuites this 
> would be an great improvement
> if the TLS-Protocol and the CIPHER-Implementation is more loose coupled.
> Also an plugin system for TLS-Hello Extensions would be great.
>
> Gruß Thomas
>
> On 3/22/2018 10:19 PM, mark.reinhold at oracle.com wrote:
>> New JEP Candidate: http://openjdk.java.net/jeps/329
>>
>> - Mark



More information about the security-dev mailing list