TLS Improvements Backported to Java 8

Improvements in application-layer TLS negotiation have been backported to Java 8, enabling those clients to leverage networking capabilities on HTTP/2. Previously this work was available in Java 9 and above.

The change is a critical enhancement to older clients, as New Relic's recent "State of Java" report reflected that 85% of systems are running on Java 8. Originally released as JEP 244 with Java 9, this backport enabled clients that update within the Java 8 family to be able to communicate with more recent non-Java systems that request HTTP/2 traffic. Without the update, those clients would be forced into older TLS structures or the server-side application would require an SSL terminator in front of it to support the newer application protocols. KeyCDN has published a pictorial representation of how Application Layer Protocol Negotiation works.

Each technology has been available within many production systems for several years.

HTTP/2 is built atop a Google-driven initiative called SPDY. Although the underlying SPDY work was available within the timeframe of Java 8, there was no official industry standard available until the Java 9 timeframe. Prior to HTTP/2, SPDY was a Google-driven activity subject to change or cancellation without notice.

Cloud analyst Corey Quinn quipped about Google’s support for products such as online discussions, "I just don’t understand why Zoom is the de facto videoconferencing solution instead of Google Meet or Hangouts or Duo or Allo or Talk or Hangouts Chat or GTalk or Buzz or Wave or Messages or Spaces or Voice or…" Each item after Google Meet is a canceled Google chat service. Quinn followed up with a picture of a mischievous goose on Google's G logo, saying "Deprecate things on purpose. You are a horrible goose." As a major lead in the HTTP/2 protocol, Google did not sunset SPDY until after a well-managed coordination with peer technology organizations that formed the standard. The feature was then included in the subsequent major Java release.

Application Layer Protocol Negotiation enables better compression between client and server applications, which can agree on the proper application protocol during the TLS handshake, starting with the client hello.
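The negotiation described above can be observed without a network connection. The following is an added example, not code from the article or from OpenJDK: it uses the JEP 244 method `SSLParameters.setApplicationProtocols` to offer `h2` and `http/1.1`, then reads the ALPN extension back out of the ClientHello the engine generates. The class name and the peer name `example.test` are assumptions for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

public class AlpnClientHello { // hypothetical class name
    // Produce the first handshake flight of a client engine offering the given protocols.
    static ByteBuffer clientHello(String... protocols) throws Exception {
        // "example.test" is a constructed peer name; no connection is opened.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine("example.test", 443);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        // JEP 244 API: in Java 9+, and in Java 8 builds that carry the backport.
        params.setApplicationProtocols(protocols);
        engine.setSSLParameters(params);
        ByteBuffer net = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        engine.beginHandshake();
        engine.wrap(ByteBuffer.allocate(0), net); // writes the ClientHello record
        net.flip();
        return net;
    }

    static void skip(ByteBuffer b, int n) { b.position(b.position() + n); }

    // Walk a single-record ClientHello and return the names in its ALPN extension (type 16).
    static List<String> offeredProtocols(ByteBuffer rec) {
        List<String> names = new ArrayList<>();
        skip(rec, 5 + 4 + 2 + 32);          // record header, handshake header, version, random
        skip(rec, rec.get() & 0xff);        // session_id
        skip(rec, rec.getShort() & 0xffff); // cipher_suites
        skip(rec, rec.get() & 0xff);        // compression_methods
        int extLen = rec.getShort() & 0xffff;
        int end = rec.position() + extLen;
        while (rec.position() < end) {
            int type = rec.getShort() & 0xffff;
            int len = rec.getShort() & 0xffff;
            if (type != 16) { skip(rec, len); continue; }
            int listLen = rec.getShort() & 0xffff;
            int listEnd = rec.position() + listLen;
            while (rec.position() < listEnd) {
                byte[] name = new byte[rec.get() & 0xff]; // 1-byte length prefix per name
                rec.get(name);
                names.add(new String(name, StandardCharsets.US_ASCII));
            }
        }
        return names;
    }
    public static void main(String[] args) throws Exception {
        System.out.println(offeredProtocols(clientHello("h2", "http/1.1")));
    }
}
```

On a Java 8 runtime without the backport, the `setApplicationProtocols` call fails to compile, or throws `NoSuchMethodError` when the class was compiled on a newer JDK, which makes this a quick check of whether a given build carries the change.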

Developers who are unfamiliar with the inner workings of TLS can leverage different online tools such as Hardenize to provide red-amber-green indicators of security. Rather than focusing on individual practices of TLS and algorithm configuration, these tools evaluate a server’s responses and TLS handshake information to determine other issues such as algorithm availability, certificate key strength, HTTP headers, or other sources of interest for server administrators and security professionals.

Operations teams looking to leverage the TLS improvements can obtain the backport through public Java 8 providers such as AdoptOpenJDK. Development teams looking to leverage this feature should consider following a Microsoft guide entitled "From Java 8 to 11."
