The next generation of the Java runtime, version 8, is around the corner, with the first production release planned for this month. The new runtime brings a slew of language improvements and it’s actually proving to be quite an exciting release.

If you ask me, Java 8 also brings many security improvements that are as important as the new language features. Of particular interest are the improvements to the TLS stack, implemented in the Java Secure Socket Extension (JSSE) component. Why? Because Java 7 and earlier do not give you enough control over TLS termination (details below). As a result, it was simply not possible to terminate TLS at the Java level and achieve sufficient security.

The deficiencies have been addressed in Java 8. Several other key improvements ensure that Java now provides a very good TLS stack. Many of the changes will take effect as you change the JRE, even with older applications. However, for some, we will have to wait (hopefully a short time) until programs take advantage of the new APIs.