While the recently released Java 23 includes a dozen official features ranging from a second preview of the Class File API to an eighth preview of a Vector API, it also includes several security capabilities. Security enhancements include encryption performance upgrades and additions to Kerberos and PKI.
JDK 23 was released on September 17th. On the same day, a Java Security Blog post by Sean Mullan, technical lead for the Java Security Libraries team at Oracle, listed the security capabilities of JDK 23. Mullan made a similar list for JDK 22 in March.
For javax.crypto, the CipherInputStream buffer size has been increased from 512 bytes to 8192 bytes. This may improve performance and is more consistent with buffer sizes of other APIs such as java.io.FileInputStream. In addition, the performance of building a java.security.SecureRandom object via new SecureRandom() has been improved. Also for the encryption API, a new PKCS11 configuration attribute called allowLegacy has been introduced. Applications can set this value to “true” to bypass legacy checks. The default value is “false”.
In the PKI area, new root CA certificates have been added to the cacerts keystore, including CN=Certainly Root R1, O=Certainly, C=US and CN=Certainly Root E1, O=Certainly, C=US. Also included are two new GlobalSign root certificates: CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE and CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE.
In addition, a new java.security.KeyStore named KeychainStore-ROOT has been added to the Apple security provider. This keystore contains root certificates stored in the system keychain on macOS systems. The Apple provider now supports two keystores: KeychainStore-ROOT and the existing KeychainStore, which contains private keys and certificates for the user’s keychain. This enhancement fixes issues that caused HTTP connections to fail because the JDK could not find a root certificate to establish trust in the peer’s certificate chain.
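To confirm on a given installation that the roots named above are actually trusted, the following added example (not code from the JDK or from Mullan's post) checks the default trust store for the four subject names and, on macOS, opens the KeychainStore-ROOT keystore. The class name CheckJdk23Roots is hypothetical; the subject names and the keystore type are the ones given in the article.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

public class CheckJdk23Roots { // hypothetical class name
    // Subject names of the four roots named in the article.
    static final List<String> EXPECTED = List.of(
        "CN=Certainly Root R1, O=Certainly, C=US",
        "CN=Certainly Root E1, O=Certainly, C=US",
        "CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE",
        "CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE");

    public static void main(String[] args) throws Exception {
        // A null KeyStore loads the default trust store: cacerts, unless
        // the javax.net.ssl.trustStore system property overrides it.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        Set<X500Principal> trusted = new HashSet<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager x509) {
                for (X509Certificate ca : x509.getAcceptedIssuers()) {
                    trusted.add(ca.getSubjectX500Principal());
                }
            }
        }
        // X500Principal equality uses the canonical form of the name,
        // so differences in spacing or letter case do not cause a miss.
        for (String dn : EXPECTED) {
            boolean present = trusted.contains(new X500Principal(dn));
            System.out.printf("%-8s %s%n", present ? "present" : "MISSING", dn);
        }
        // macOS only: count the system keychain roots the new keystore exposes.
        if (System.getProperty("os.name").toLowerCase().contains("mac")) {
            try {
                KeyStore roots = KeyStore.getInstance("KeychainStore-ROOT");
                roots.load(null, null);
                System.out.println("KeychainStore-ROOT entries: " + roots.size());
            } catch (KeyStoreException e) {
                System.out.println("KeychainStore-ROOT unavailable: " + e.getMessage());
            }
        }
    }
}
```

Run it with the single-file launcher (java CheckJdk23Roots.java). A "MISSING" line means the active trust store is not the stock JDK 23 cacerts, for example because the JDK is older or a custom trust store is configured.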