Mustang Beta is out! Here's what is new in Security
Mustang Beta (JDK 6) was released today and contains many new security features:
- JSR 105, the Java XML Digital Signature API and implementation.
- Native Platform GSS/Kerberos Integration. This feature allows Java GSS applications to take advantage of features in the native GSS/Kerberos implementation available on the platform.
- Support for Smart Card I/O API. The Sun JDK bundles the Smart Card I/O API defined by JSR 268. It also includes a provider that implements Smart Card I/O using the PC/SC functionality of the host platform. This gives Java applications a platform independent way to communicate with Smart Cards using ISO 7816 APDUs.
- Access to native PKI and cryptographic services on Microsoft Windows. Added the SunMSCAPI JCE provider which uses the Microsoft CryptoAPI (CAPI) to offer a variety of RSA cryptographic functions. It acts as a bridge between Java applications and the services offered by the default RSA cryptographic service provider available via CAPI. It provides access to X.509 certificates and RSA key pairs, it performs RSA encryption and decryption, and it creates and validates RSA signatures. It also supports a cryptographic random number generator.
- Support for SPNEGO in Java GSS. The Simple and Protected GSS-API Negotiation (SPNEGO) mechanism is a pseudo security mechanism that enables GSS-API peers to securely negotiate a common security mechanism to be used.
- JSSE pluggability restrictions have been removed. You can now
plug in 3rd party JSSE providers that implement non-standard ciphersuites.
- JAAS-based authentication using LDAP. Added a JAAS login module which enables users to perform authentication using credentials stored in an LDAP directory service.
- JSSE (SSL/TLS) FIPS 140 compliance. The SunJSSE provider now supports an experimental FIPS 140 compliant mode. When enabled and used in combination with the SunPKCS11 provider and an appropriate FIPS 140 certified PKCS#11 token, SunJSSE is FIPS 140 compliant.
- Socket read timeouts are fully supported by SunJSSE SSLSockets. In previous releases, calling setSoTimeout() would sometimes lead to unpredictable results. This has been corrected.
- Support for the Kerberos AES and RC4-HMAC Encryption Types.
- Support for new Kerberos Pre-Authentication Mechanisms.
- Enhancements to the implementation of PKI Certificate Path Builder and Validator. Added support for segmented and indirect CRLs and the authority information access extension, resulting in improved performance, path discovery, and PKIX compliance (RFC 3280).
See the Mustang security documentation for more details on these and all of the features of Java security.