Profile cover photo
Profile photo
Xuelei Fan
About
Xuelei's posts

Post has attachment
Love To Use Braces Even For Single Line Statement
On Feb. 21, 2014, Apple released security update for iOS that affected SSL/TLS connections. The impact is described as "An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS." And the CVSS v2 Base Score ...

Post has attachment
JEP 115: AES-GCM CipherSuites in JDK 8
Chengdu, China RFC 5288 describes the use of AES in Galois Counter Mode ( GCM ) (AES-GCM) with various key exchange mechanisms as a cipher suite for TLS. AES-GCM is an authenticated encryption with associated data (AEAD) cipher (as defined in TLS 1.2 ) pro...

Post has attachment
JEP 114: TLS SNI Extension - Virtual Servers Dispatcher
The implementation of  JEP 114  (TLS Server Name Indication (SNI) Extension) had  integrated into JDK 8  at October, 2012. In  the previous blog entries , we talked about the behavior changes in JSSE, and a few typical user cases . Let's look at a special u...

Post has attachment
JEP 114: TLS SNI Extension - Virtual Servers Dispatcher
The implementation of  JEP 114  (TLS Server Name Indication (SNI) Extension) had  integrated into JDK 8  at October, 2012. In  the previous blog entries , we talked about the behavior changes in JSSE, and a few typical user cases . Let's look at a special u...

Post has attachment
JEP 114: TLS SNI Extension - Typical User Cases
The implementation of  JEP 114  (TLS Server Name Indication (SNI) Extension) had  integrated into JDK 8  at October, 2012. In  the previous two blog entries , we talked about the behavior changes in JSSE. Let's look at a few typical user cases. Please refer...

Post has attachment
JEP 114: TLS SNI Extension - SunJSSE Behavior Changes (Continue)
The implementation of JEP 114 (TLS Server Name Indication (SNI) Extension) had integrated into JDK 8  at October, 2012. In the previous blog entry , we talked about the behavior changes in client and server side. This blog entry will continue to talk about ...

Post has attachment
JEP 114: TLS SNI Extension - SunJSSE Behavior Changes
The implementation of JEP 114 (TLS Server Name Indication (SNI) Extension) had integrated into JDK 8  at October, 2012. This blog entry will talk about some useful behavior changes and user cases that make use of SNI extenstion.  Please refer to javax.net.s...

Post has attachment
TLS Server Name Indication Extension and Unrecognized_name
It's getting hot that some TLS/HTTPS server failed with "unrecognized_name". For example, the Adobe AIR 3 Code Signing Certificate Problem , the ADT handshake alert , and the jarsigner issue with timestamp.geotrust.com , etc. This entry will discussion some...

Post has attachment
Understanding of OCSP Stapling
What's OCSP Stapling? OCSP
stapling, also known as the TLS Certificate Status Request extension, is
an alternative approach to the Online Certificate Status Protocol
(OCSP) for checking the revocation status of X.509 digital certificates.
It allows the ...

Post has attachment
Harness SSL and JSSE: Key Size Control
Why Key Size Concerns The
key size is an important security parameter to determine the strength
of cryptography algorithms. For example, RSA keys with fewer than 1024
bits are considered forgeable.  If RSA keys less than 1024 bits are used
in X.509 cert...
Wait while more posts are being loaded