A suggestion about specifying a source of secure randomness for better security #14026
Comments
|
Looks valid. @normanmaurer WDYT? |
|
@hyperxpro @Gax-c I think we could add another constructor that take one ? |
|
Yup. Shall I go ahead with a PR? |
|
@hyperxpro sure |
|
Hi @normanmaurer, @hyperxpro, @Gax-c I'm interested in this so I created a PR. Could you please review this? |
normanmaurer
added a commit
that referenced
this issue
May 22, 2024
…14058) Motivation: Enhance security by supporting specific secure randomness source in SSLContext initialization Modification: Support building SecureRandom in `SslContextBuilder`. Allow passing SecureRandom as a parameter when creating an instance of `JdkSslServerContext` through its constructor. Result: Enhance security Fixes #14026 --------- Co-authored-by: Norman Maurer <norman_maurer@apple.com>
normanmaurer
added a commit
that referenced
this issue
May 22, 2024
…14058) Motivation: Enhance security by supporting specific secure randomness source in SSLContext initialization Modification: Support building SecureRandom in `SslContextBuilder`. Allow passing SecureRandom as a parameter when creating an instance of `JdkSslServerContext` through its constructor. Result: Enhance security Fixes #14026 --------- Co-authored-by: Norman Maurer <norman_maurer@apple.com>
normanmaurer
added a commit
that referenced
this issue
May 22, 2024
…14058) Motivation: Enhance security by supporting specific secure randomness source in SSLContext initialization Modification: Support building SecureRandom in `SslContextBuilder`. Allow passing SecureRandom as a parameter when creating an instance of `JdkSslServerContext` through its constructor. Result: Enhance security Fixes #14026 --------- Co-authored-by: Norman Maurer <norman_maurer@apple.com>
normanmaurer
added a commit
to yawkat/netty
that referenced
this issue
Jul 17, 2024
…etty#14058) Motivation: Enhance security by supporting specific secure randomness source in SSLContext initialization Modification: Support building SecureRandom in `SslContextBuilder`. Allow passing SecureRandom as a parameter when creating an instance of `JdkSslServerContext` through its constructor. Result: Enhance security Fixes netty#14026 --------- Co-authored-by: Norman Maurer <norman_maurer@apple.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello everyone! I'm new to netty and when I was browsing the code I found the following code in
JdkSslServerContext.javahere:The code here use a "null", which means using the default securerandom. Although securerandom has already provided enough security, specifying one will ensure better security. For example, using SunJSSE.cryptoProvider for fip mode will be better.
The text was updated successfully, but these errors were encountered: