Red Hat SummitChapter 3. Red Hat build of OpenJDK features
3.1. New features and enhancements
This section describes the new features introduced in this release. It also contains information about changes in the existing features.
For all the other changes and security fixes, see OpenJDK 11.0.13 Released.
3.1.1. Removed IdenTrust root certificate
The following root certificate from IdenTrust has been removed from the cacerts keystore:
- Alias Name: identrustdstx3 [jdk]
- Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.
For more information, see JDK-8271434.
3.1.2. Updated keytool to create AKID from SKID for issuing certificate as specified by RFC 5280
The gencert command of the keytool utility has been updated to create AKID from the SKID for issuing certificate as specified by RFC 5280.
For more information, see JDK-8261922.
3.1.3. Added ChaCha20 and Poly1305 TLS cipher suites
The new TLS cipher suites using the ChaCha20-Poly1305 algorithm are added to JSSE. These cipher suites are enabled by default. The TLS_CHACHA20_POLY1305_SHA256 cipher suite is available for TLS 1.3.
The following cipher suites are available for TLS 1.2:
-
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 -
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 -
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
For more information, see JDK-8210799.
3.1.4. Updated the default enabled cipher suites preference
The preference of the default enabled cipher suites are changed. The compatibility impact should be minimal. If needed, applications can customize the enabled cipher suites and its preference.
For more information, see JDK-8219551.
