Exploring the Security Enhancements in Java 23
Java 23 has recently been released, bringing with it a host of new features and enhancements. One area where significant improvements have been made is in security. Let’s take a closer look at the various security capabilities that come with JDK 23.
Released on September 17, JDK 23 introduces several enhancements to improve security. According to a blog post by Sean Mullan, the technical lead of the Java security libraries team at Oracle, the update includes updates in crypto performance and additions to Kerberos and PKI.
One notable improvement in the crypto API is the increase in buffer size for CipherInputStream
from 512 bytes to 8,192 bytes. This change can significantly enhance performance and aligns the buffer size with other APIs like java.io.FileInputStream
. Additionally, the construction performance of java.security.SecureRandom
objects has been optimized.
Another noteworthy update in the crypto API is the introduction of a new PKS11 configuration attribute called allowLegacy
. By setting this attribute to “true,” applications can bypass legacy checks. The default value for this attribute is set to “false.”
In the realm of PKI, JDK 23 includes the addition of new root CA certificates to the cacerts keystore. These certificates, such as CN=Certainly Root R1, 0=Certainly, C=US
and CN=Certainly Root E1, O=Certainly, C=US
, aim to enhance security and trust in the certificate chain.
Furthermore, the update introduces two new GlobalSign root certificates, CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE
and CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE
, to bolster security measures.
One significant addition is the inclusion of a new keystore named KeychainStore-ROOT
in the Apple security provider. This keystore contains root certificates stored in the system keychain on macOS systems, resolving issues related to establishing trust in the peer’s certificate chain for HTTP connections.
With these security enhancements in place, Java 23 is set to provide a more secure environment for developers and users alike. Stay tuned for more updates and features from the Java ecosystem.