Security Features of Java SE 8 - JUG Saxony Day...

Wolfgang Weigend

Copyright © 2015, Oracle and/or its affiliates. All rights reserved.

Wolfgang Weigend, Senior Lead Systems Consultant, Java Technology and Architecture

Safe Harbor Statement

The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Larger Security Policy Areas

Diagram areas: Communications, Deployment, Lifecycle, Remediation, Security

• Architecture Review

• Peer Review

• Security Testing

• Post Mortems

• SA / CPU RSS Feeds

• Security Blog

• eBlasts

• Java.com Security

• CPU

• Security Alerts

Java Critical Patch Updates

• Rules for Java CPUs

− Main release for security vulnerabilities

− Covers all JDK families (8, 7, 6, 5.0)

− CPU release triggers Auto-update

− Dates published 12 months in advance

− Security Alerts are released as necessary

− Based off the previous (non-CPU) release

− Released simultaneously on java.com and OTN

• JDK 8u60 - Security Baselines

JRE Family Version | JRE Security Baseline (Full Version String)
8 | 1.8.0_51
7 | 1.7.0_85
6 | 1.6.0_101
5.0 | 1.5.0_81

Java Critical Patch Updates and upcoming

• 30th of July 2015

• 20th of October 2015

• 19th of January 2015

• 19th of April 2016

• 19th of July 2016

• Scheduled CPUs

http://www.oracle.com/technetwork/topics/security/alerts-086861.html

Agenda

1 Overview of Java SE Security

2 New JDK 8 Security Features

3 Sneak peek at potential JDK 9 security features

4 Conclusion

5 Java Security Resource Center and more information

Overview of Java SE Security


Java SE Security Conceptual Diagram

Tools: keytool, jarsigner, policytool

APIs and Libraries: JCE (crypto), PKI, JSSE (SSL/TLS), SASL, JAAS, GSSAPI/Kerberos, XML Signature

Java Language and Runtime Security

Java Language and Runtime Security

• Language design and controls

– Type safety

– Automatic memory management

– Access modifiers: private, default (package-private), protected, public, final

• Bytecode Verifier


– As classes are loaded, the verifier checks that bytecodes are well-formed and do not violate various rules

• Security Manager

– Governs access to security-sensitive operations

– Access rules are determined by the security policy


Security APIs and Libraries

• APIs spanning a wide range of areas

– Cryptography (JCE), PKI, SSL/TLS (JSSE), SASL, JAAS, GSSAPI/Kerberos, XML Signature

• APIs are abstract and allow for multiple implementations of algorithms

– Algorithms are implemented in service providers and plugged in via a standard Service Provider Interface (SPI)


• JDK includes a default set of service providers covering a comprehensive set of algorithms

– http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html


Security Tools

• keytool

– Command-line tool for managing keystores

• jarsigner

– Command-line tool for signing JARs

• policytool


– GUI tool for editing policy files

Security Tools – Jarsigner Command Options

Option | Description
-keystore url | Specifies a keystore to be used if you don't want to use the .keystore default database.
-storepass password | Allows you to enter the keystore's password on the command line rather than be prompted for it.
-keypass password | Allows you to enter your alias's password on the command line rather than be prompted for it.
-sigfile file | Specifies the base name for the .SF and .DSA files if you don't want the base name to be taken from your alias. file must be composed only of upper case letters (A-Z), numerals (0-9), hyphen (-), and underscore (_).
-signedjar file | Specifies the name of the signed JAR file to be generated if you don't want the original unsigned file to be overwritten with the signed file.
-tsa url | Generates a time stamp for the signature using the Time Stamping Authority (TSA) identified by the URL.
-tsacert alias | Generates a time stamp for the signature using the TSA's public key certificate identified by alias.
-altsigner class | Indicates that an alternative signing mechanism be used to time stamp the signature. The fully-qualified class name identifies the class used.
-altsignerpath classpathlist | Provides the path to the class identified by the altsigner option and any JAR files that the class depends on.

New JDK 8 Security Features


New JDK 8 Security Features: Highlights

• 13 new features

– New features span the entire security stack

• Significant crypto improvements

– Hardware-accelerated crypto performance improvements

– Support for new and stronger algorithms


• Significant JSSE (SSL/TLS) improvements

– More secure out of the box defaults

– Support for the SNI Extension

– New GCM cipher suites

New JDK 8 Security Features: Highlights (continued)

• And more …

– Better support for certificate revocation mechanisms (OCSP, CRLs)

– Improved Kerberos delegation support

– New APIs for limiting code’s privileges to only what is necessary to perform a security-sensitive operation


– And many more smaller enhancements

13 New Security Features

http://openjdk.java.net/jeps

JEP | Title
113 | MS-SFU Kerberos 5 Extensions
114 | TLS Server Name Indication (SNI) Extension
115 | AEAD CipherSuites
121 | Stronger Algorithms for Password-Based Encryption
123 | Configurable Secure Random-Number Generation
124 | Enhance the Certificate Revocation-Checking API
129 | NSA Suite B Cryptographic Algorithms

13 New Security Features (continued)

http://openjdk.java.net/jeps

JEP | Title
130 | SHA-224 Message Digests
131 | PKCS#11 Crypto Provider for 64-bit Windows
140 | Limited doPrivileged
164 | Leverage CPU Instructions for AES Cryptography
166 | Overhaul JKS-JCEKS-PKCS12 Keystores
176 | Mechanical Checking of Caller-Sensitive Methods

Java SE Security Conceptual Diagram: Where the features are

[Diagram: the Java SE Security conceptual diagram (Tools, APIs and Libraries, Java Language and Runtime Security) annotated with the JEP (JDK Enhancement-Proposal) numbers 113, 114, 115, 121, 123, 124, 129, 130, 131, 140, 164, 166 and 176]

New JDK 8 Security Features: Cryptography

SHA-224 Message Digests

• SHA-224 is a truncated version of SHA-256

– computed hash is 224 bits instead of 256

– provides 112 bits of security (same as two-key Triple DES)

• Sweet spot for use cases that benefit from smaller digest size


• Added support for the SHA-224 message digest and related algorithms

– MessageDigest: SHA-224

– Signature: SHA224withRSA, SHA224withDSA, SHA224withECDSA

– Mac: HmacSHA224

• Completes support for the SHA-2 family (224, 256, 384, 512)


SecureRandom Improvements

• Strong random numbers are critical for many cryptographic functions

• New SecureRandom.getInstanceStrong method automatically picks the strongest random number generator

– Reduces chances of accidentally picking weak generator

• New NativePRNGBlocking and NativePRNGNonBlocking SecureRandom implementations on Unix platforms

Example: obtaining and using the strongest available SecureRandom

import java.security.KeyPairGenerator;
import java.security.SecureRandom;

// Create strong secure random number generator
SecureRandom sr = SecureRandom.getInstanceStrong();

// Initialize key pair generator with SecureRandom
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(2048, sr);

Strengthened DSA and Diffie-Hellman Support: Digital Signature Algorithm

• Added support for generating 2048-bit DSA and Diffie-Hellman public-key pairs

– Can use API or keytool to generate the key pairs

– 1024-bit public-keys are no longer recommended

• Added support for the SHA224withDSA and SHA256withDSA signature algorithms

Example: generating a 2048-bit DSA keypair and signing some data with the SHA256withDSA algorithm

import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;

// Generate DSA public-key pair
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
kpg.initialize(2048);
// or use your own parameters (DSAParameterSpec):
// kpg.initialize(params);
KeyPair kp = kpg.generateKeyPair();

// Sign some data with the SHA256withDSA algorithm
Signature signature = Signature.getInstance("SHA256withDSA");
signature.initSign(kp.getPrivate());
signature.update("Hello, world!".getBytes(StandardCharsets.UTF_8));
byte[] result = signature.sign();

Hardware-accelerated AES crypto performance: Advanced Encryption Standard

• Hotspot compiler generates intrinsics for AES instructions on 32-bit and 64-bit x86 systems (if they support such instructions)

• Provides significant performance improvement on x86 systems

• Intrinsics are triggered when a Cipher with the AES algorithm is created:

– Cipher.getInstance("AES");

– A more optimized intrinsic is used for CBC mode: Cipher.getInstance("AES/CBC/PKCS5Padding");

– Implemented in SunJCE provider. On Solaris, may need to reorder providers or specify provider explicitly: Cipher.getInstance("AES", "SunJCE");

Hardware-accelerated AES crypto performance: Benchmark Results

[Bar chart: Ops/sec (axis 0 to 250000) for Encryption and Decryption, comparing No Intrinsics with Intrinsics]

• Encryption and decryption with 128-bit key

• Message 10000 bytes

• Single thread

Authenticated AES GCM Cipher Mode: Block cipher for symmetric encryption

• Galois/Counter Mode (GCM) is an efficient symmetric key block cipher mode that also supports AEAD (Authenticated Encryption and Associated Data)

– Provides data integrity and confidentiality

– Can perform better than other block cipher modes such as CBC


• In JDK 7, we enhanced the Cipher API to support AEAD but did not provide an implementation

• In JDK 8, we have implemented GCM mode for AES

Example: Authenticated Encryption with AES/GCM mode

[Diagram: Plaintext, Ciphertext, Authentication Tag (Plaintext + Ciphertext)]

import javax.crypto.Cipher;

// Create and initialize Cipher
Cipher cipher = Cipher.getInstance("AES_128/GCM/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, key);
// or use your own parameters (GCMParameterSpec):
// BUT always use a different IV value (nonce) for each complete GCM operation
// cipher.init(Cipher.ENCRYPT_MODE, key, params);
cipher.updateAAD("Duke".getBytes());

// Encrypt and authenticate
byte[] cipherText = cipher.doFinal("Meet me for coffee tomorrow at 1PM".getBytes());

// Decrypt and authenticate
cipher.init(Cipher.DECRYPT_MODE, key, cipher.getParameters());
cipher.updateAAD("Duke".getBytes());
byte[] clearText = cipher.doFinal(cipherText);

Stronger Algorithms for Password-Based Encryption (PBE)

• PBE is based on PKCS #5 and includes:

– key derivation functions

– encryption schemes

– message authentication code (MAC) schemes

• Support for PBE as of JDK 7 was lacking (based on older PKCS #5 standard)


• JDK 8 adds more secure algorithms based on PKCS #5 v2.1

– SecretKeyFactory: PBKDF2WithHmacSHA{1,224,256,384,512}

– Cipher: PBEWithHmacSHA{1,224,256,384,512}AndAES_{128,256}

– Mac: PBEWithHmacSHA{1,224,256,384,512}

Example: deriving a strong key from a password and encrypting some data

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Create PBE key
char[] password = System.console().readPassword("%s", "Password:");
PBEKeySpec pks = new PBEKeySpec(password);
SecretKeyFactory skf = SecretKeyFactory.getInstance("PBEWithHmacSHA256AndAES_128");
// NOTE: key is not strong
SecretKey pbeKey = skf.generateSecret(pks);

// Create PBE cipher
Cipher c = Cipher.getInstance("PBEWithHmacSHA256AndAES_128");
c.init(Cipher.ENCRYPT_MODE, pbeKey);

// Encrypt
byte[] cipherText = c.doFinal("Top Secret Data".getBytes());
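The slide stops after encryption; decrypting later needs the same salt, iteration count and IV. The following is an added example, not code from the presentation: it sets those parameters explicitly with PBEParameterSpec, performs the round trip, and tries a wrong password. The class and helper names, the passphrases and the iteration count are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

// Added example (not from the slides): PBE round trip with explicit parameters.
public class PbeRoundTrip {
    static final String ALG = "PBEWithHmacSHA256AndAES_128";
    static final int ITERATIONS = 100_000;  // assumed work factor, tune for your hardware

    /** Fresh random salt and IV; store them next to the ciphertext, they are not secret. */
    static PBEParameterSpec freshParams() {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[16];
        byte[] iv = new byte[16];            // AES block size
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        return new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv));
    }

    /** Encrypts or decrypts; the key is derived from the password inside Cipher.init. */
    static byte[] crypt(int mode, char[] password, PBEParameterSpec params, byte[] input)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password);
        try {
            SecretKey key = SecretKeyFactory.getInstance(ALG).generateSecret(spec);
            Cipher c = Cipher.getInstance(ALG);
            c.init(mode, key, params);
            return c.doFinal(input);
        } finally {
            spec.clearPassword();            // wipe the copy held by the key spec
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample passphrases; a real program reads them from the console.
        char[] password = "constructed sample passphrase".toCharArray();
        char[] wrong = "some other passphrase".toCharArray();
        PBEParameterSpec params = freshParams();

        byte[] ct = crypt(Cipher.ENCRYPT_MODE, password, params,
                "Top Secret Data".getBytes(StandardCharsets.UTF_8));
        byte[] pt = crypt(Cipher.DECRYPT_MODE, password, params, ct);
        System.out.println("round trip: " + new String(pt, StandardCharsets.UTF_8));

        try {
            crypt(Cipher.DECRYPT_MODE, wrong, params, ct);
            // The scheme uses AES in CBC mode, so the only check is the padding,
            // which a wrong key can occasionally satisfy by chance.
            System.out.println("wrong password produced output: padding is not a MAC");
        } catch (BadPaddingException e) {
            System.out.println("wrong password rejected by the padding check");
        }

        Arrays.fill(password, '\0');
        Arrays.fill(wrong, '\0');
    }
}
```

Because this scheme gives confidentiality only, data that must also be tamper-evident needs a MAC over the ciphertext or an AEAD mode such as the GCM mode shown earlier.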

New JDK 8 Security Features: TLS/SSL

AEAD Cipher Suites: Authenticated Encryption and Associated Data

• Added support for AEAD/GCM based TLS cipher suites (RFCs 5288, 5289, 5430)

– Best cipher suite to use, although not yet ubiquitous

– Leverages the Authenticated GCM Cipher mode discussed earlier

• New suites include:


– TLS_RSA_WITH_AES_128_GCM_SHA256 (RFC 5288)

– TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (RFC 5289, 5430)

– TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (RFC 5289, 5430)

– For complete list, see the Cipher Suites table at http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider


TLS Server Name Indication (SNI) Extension

• The SNI extension is used to indicate the hostname of the server the client wants to establish a session with

• Useful when a server has multiple domains that share the same IP address

– Common in virtual hosting and cloud computing environments

– Each server domain may use a different certificate to authenticate to the client


• Several new JSSE APIs have been defined to support SNI

Example: using SNI on the client side

import java.util.Collections;
import javax.net.ssl.*;

// Create SSL socket
SSLSocket sslSocket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(ipAddr, 443);

// Specify hostname and add to SSL parameters
SNIServerName serverName = new SNIHostName("www.example.com");
SSLParameters params = sslSocket.getSSLParameters();
params.setServerNames(Collections.singletonList(serverName));
sslSocket.setSSLParameters(params);

// start handshake …
sslSocket.startHandshake();

Example: using SNI on the server side

import java.util.Collections;
import javax.net.ServerSocketFactory;
import javax.net.ssl.*;

// Create server socket
ServerSocketFactory fac = SSLServerSocketFactory.getDefault();
SSLServerSocket serverSocket = (SSLServerSocket) fac.createServerSocket(443);

// Specify host matching rules and add to SSL parameters
SNIMatcher matcher = SNIHostName.createSNIMatcher("www\\.example\\.(com|org)");
SSLParameters params = serverSocket.getSSLParameters();
params.setSNIMatchers(Collections.singletonList(matcher));
serverSocket.setSSLParameters(params);

// accept connection …
SSLSocket sslSocket = (SSLSocket) serverSocket.accept();

Other notable TLS/SSL Enhancements

• TLS 1.1 and 1.2 enabled by default

– Now enabled by default on client without having to explicitly enable it

– Use the jdk.tls.client.protocols system property to change the default protocols

• Server Cipher Suite Preference


– Servers can now choose which cipher suite they want to use, rather than the client’s most preferred one

– New SSLParameters.setUseCipherSuitesOrder() method

• Stronger Server Ephemeral Diffie-Hellman Parameters

– Default increased from 768 bits to 1024 bits

– Use the jdk.tls.ephemeralDHKeySize system property to increase the strength
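The settings on this slide and the AEAD suites from the earlier one can be applied together on the server side. The following is an added example, not code from the presentation: it builds a server-mode SSLEngine without opening a socket, restricts it to TLS 1.2 with GCM suites, turns on server cipher suite preference and raises the ephemeral DH size. The class name, the preference order and the value 2048 are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

// Added example (not from the slides): server-side TLS settings applied to an SSLEngine.
public class TlsServerDefaults {
    // Assumed preference order: forward-secret GCM suites, strongest first.
    static final String[] PREFERRED = {
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
    };

    /** Keeps only the preferred suites this runtime supports, in preference order. */
    static String[] preferredGcmSuites(String[] supported) {
        List<String> have = Arrays.asList(supported);
        List<String> out = new ArrayList<>();
        for (String suite : PREFERRED) {
            if (have.contains(suite)) {
                out.add(suite);
            }
        }
        return out.toArray(new String[0]);
    }

    /** Builds a server-mode engine with the restricted protocol and suite list. */
    static SSLEngine hardenedServerEngine() throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false);

        SSLParameters p = engine.getSSLParameters();
        p.setProtocols(new String[] {"TLSv1.2"});
        p.setCipherSuites(preferredGcmSuites(engine.getSupportedCipherSuites()));
        p.setUseCipherSuitesOrder(true);  // the server's order wins over the client's
        engine.setSSLParameters(p);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Must be set before JSSE is first used; affects the DHE suite above.
        System.setProperty("jdk.tls.ephemeralDHKeySize", "2048");

        SSLEngine engine = hardenedServerEngine();
        System.out.println("protocols: " + Arrays.toString(engine.getEnabledProtocols()));
        System.out.println("suites:    " + Arrays.toString(engine.getEnabledCipherSuites()));
        System.out.println("server order honoured: "
                + engine.getSSLParameters().getUseCipherSuitesOrder());
    }
}
```

The same SSLParameters object can be passed to SSLServerSocket.setSSLParameters, as in the SNI server example above.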

New JDK 8 Security Features: PKI, Kerberos, Access Control

Major KeyStore Enhancements

• Enable the strong PBE algorithms previously discussed to be used to protect keystore entries

– KeyStore.PasswordProtection has a new constructor that allows you to specify the PBE algorithm

• New KeyStore.Entry.Attribute API for storing metadata with entries


• New Domain ("DKS") keystore type

– Allows several keystores to be aggregated and viewed as a single keystore

• Enhancements to the PKCS#12 keystore implementation

– Support for storing trusted certificate and secret key entries

Example: Domain KeyStore

// dks.config file
// This is a domain containing two keystores on a system running Ubuntu/Linux:
// 1. oracle_cacerts is the cacerts file in Oracle's JDK
// 2. ubuntu_cacerts is the cacerts file in Ubuntu’s JDK
//
domain ubuntu {
    keystore oracle_cacerts
        keystoreType = "JKS"
        keystoreURI = "${java.home}/lib/security/cacerts";

    keystore ubuntu_cacerts
        keystoreType = "JKS"
        keystoreURI = "/etc/ssl/certs/java/cacerts";
};

Example: Domain KeyStore

import java.io.File;
import java.net.URI;
import java.security.DomainLoadStoreParameter;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collections;

// Create and load DKS keystore
KeyStore keystore = KeyStore.getInstance("DKS");
URI uri = new File("dks.config").toURI();
keystore.load(new DomainLoadStoreParameter(uri, Collections.emptyMap()));

// Validate certificate chain using all of the trust anchors in domain keystore
PKIXParameters params = new PKIXParameters(keystore);
CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
CertPathValidatorResult cpvr = cpv.validate(chain, params);

New Revocation Checking API

• New PKIXRevocationChecker API which allows you to set various revocation checking parameters

• Options allow more control over how revocation checking is performed

– Perform check using OCSP or CRLs (or both). Default is both.


– Enable soft fail behavior: inability to determine revocation status (ex: due to a network issue) is not treated as a hard failure. Default is off.

– Only check end-entity certificate. Default is to check full chain.

Enhanced Certificate Revocation Checking API

• Previous java.security.cert API is all-or-nothing

– Failure to contact server is a fatal error

• New classes

– RevocationChecker

– RevocationParameters

• Online certificate checking at runtime, with the Online Certificate Status Protocol (OCSP) under the hood

– Both are used, and both can be turned off or on. Turning OCSP on with a non-networked system may be slower because it could wait to connect. Similar story with CAs who have slow OCSPs.

– We test and validate them before inclusion. CAs whose OCSP is not turned on do not get accepted

• What’s the best way to work offline with certificates and verify them, e.g. to maintain the certificate revocation list as CRL offline?

– For offline validation, the easiest approach is to just periodically grab the CRL. The CAs update those periodically, about once a week. You should be able to locate either the CRL and/or OCSP through the certificate’s Authority Info Access

• All this is controlled either in the control panel or java.security

Example: Setting SOFT_FAIL option

import java.security.cert.*;
import java.util.EnumSet;
import java.util.List;

// Create PKIX CertPathValidator and set soft-fail option
CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
PKIXRevocationChecker prc = (PKIXRevocationChecker) cpv.getRevocationChecker();
prc.setOptions(EnumSet.of(PKIXRevocationChecker.Option.SOFT_FAIL));

// Validate certificate chain
PKIXParameters params = new PKIXParameters(keystore);
params.addCertPathChecker(prc);
CertPathValidatorResult cpvr = cpv.validate(path, params);

// Did any revocation checks pass because of soft fail?
List<CertPathValidatorException> exceptions = prc.getSoftFailExceptions();
for (CertPathValidatorException e : exceptions) {
    System.out.println(e);
}

Support for MS-SFU Kerberos 5 Extensions

• These extensions allow a service to obtain a Kerberos service ticket on behalf of another client

– Service-for-User-to-Self (S4U2self) extension

– Service-for-User-to-Proxy (S4U2proxy) extension

• Useful in firewalled environments or clients without Kerberos support


• More information at http://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/jgss-features.html


Limited doPrivileged

• New AccessController.doPrivileged methods that take list of limiting Permissions

• New methods allow code to assert a subset of its granted permissions

– Allows code to better adhere to the Principle of Least Privilege

– Reduces risk of excessive permissions being available if there is a bug in that code


• Also useful when you need to assert some permissions while allowing others to continue the stack walk

Examples: Limited doPrivileged

import java.io.InputStream;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;

// Simple example: read user.home system property and only assert single
// permission to perform operation
String homeDir = AccessController.doPrivileged(
    (PrivilegedAction<String>) () -> System.getProperty("user.home"),
    null,
    new java.util.PropertyPermission("user.home", "read"));

// Advanced example: allow connections back to same origin, anything else the caller
// needs explicit permission
public InputStream openStream(URL url) throws Exception {
    return AccessController.doPrivileged(
        (PrivilegedExceptionAction<InputStream>) () -> url.openStream(),
        null,
        new java.net.URLPermission(origin));
}

Other notable JDK 8 Enhancements

• New @CallerSensitive annotation for marking caller-sensitive methods

– See http://openjdk.java.net/jeps/176

• X.509 certificates with RSA keys less than 1024 bits disabled by default

• Kerberos 5 DES encryption types are disabled by default


• SASL and GSS-APIs have been enhanced to support unbounded servers

• For more information, see http://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html


Potential JDK 9 Security Features

• Cryptography

– JVM Hardware Crypto Acceleration (http://openjdk.java.net/jeps/8046943)

– Transition the default keystore type from JKS to PKCS12

• TLS/SSL

– Datagram Transport Layer Security DTLS (http://openjdk.java.net/jeps/8043758)


– OCSP Stapling: appending a time stamped, signed response to the initial TLS handshake, no need for clients to contact CA

– Application-Layer Protocol Negotiation Extension

• Improve Security Manager Performance (http://openjdk.java.net/jeps/8043631)

Summary

• Security continues to be a very important part of the JDK roadmap

• JDK 8 delivers many new important security features

– Improved performance

– Improved out-of-the-box security

– Support for new standards


• JDK 8 Updates provide improved performance and new features

• JDK 9 security features are being discussed and planned, please participate and please provide your feedback!

Java Security Resource Center and more information

Java Security Resource Center (1): What’s new

• New Secure Coding Guidelines

• Java 8 Security Enhancements

• JavaOne 2015 Java Security Track

• Manage multiple versions on client systems

• Exception Site List

• RIA Checklist

• OpenJDK Security Group Information

• Security for Developers

• http://www.oracle.com/technetwork/java/javase/overview/security-2043272.html

Java Security Resource Center (2): Security for developers

• Secure Coding Guidelines – learn defensive coding strategies to properly mitigate weaknesses in software and prevent vulnerabilities

– Oracle Secure Coding Guidelines - Updated for Java 8

– The CERT Oracle Secure Coding Standard for Java

• Security enhancements in JDK 8 include many new cryptographic algorithms, improved randomization, and protocol updates

• For Applet & Web Start applications, view the RIA security checklist and understand the expanding role of code signatures for authenticating your identity to end-users

– 7u51 provides an Exception Site List for already-shipped applications that cannot be updated per the RIA security checklist.

• Java SE Security Overview – lists APIs, specifications, and developer-related secure deployment information, such as code signing & timestamping

• Names of cryptographic algorithms available within the Java Cryptographic Architecture

• For a better understanding of Java security or to get involved in the community, look at the OpenJDK Security Group

• For other periodic information, please access the Oracle Java Product Management blog and subscribe via RSS readers

Java Security Resource Center (3): Security for System Administrators

• Security enhancements in JDK 8 include many new cryptographic algorithms, improved randomization, and protocol updates

• Stay up to date

– Receive email notification of Critical Patch Updates

– Critical Patch Update general information page

• If required, manage multiple Java versions on client systems through static installations and use Deployment Rule Sets for old-version compatibility

• Whitelist Applet & WebStart applications across managed computers through Deployment Rule Sets (full documentation)

• Consider using the Server JRE for server systems, such as application servers or other long-running back-end processes. The Server JRE is the same as the regular JRE except that the Server JRE does not contain the web-browser plugins

– Consider upgrading to Unlimited Strength Cryptography for sensitive information

• Use trusted timestamping when signing and verifying signed JAR files to prevent your artifacts from expiring early

• See properties that can be configured within Java installations

• Java SE Security Overview – lists APIs, specifications, and developer-related secure deployment information, such as code signing & timestamping

Java Security Resource Center (4): Security for End Users

• Always use the latest version of Java on your computer

– Java will periodically prompt you to update when it detects that there is a new version

– Remove old versions of Java from your computer

• Only download Java from the following websites

– Java.com (most users)

– Advanced users may download from the Oracle Technology Network

• If needed, disconnect Java from your web browser

• What other actions can I take to increase the security of Java?

Java Security Resource Center (5): Security for Security Professionals

• Ensure that all systems are up to date with the latest security patches

• View recent security presentations

– “One Year of Java Security Enhancements in the JRE” at JavaOne 2013. Session information -- presentation material (pdf)

– “Using the new JDK8 Security Features” at JavaOne 2013. Session information -- presentation material (pdf)

• Java SE Security Overview – lists APIs, specifications, and developer-related secure deployment information, such as code signing & timestamping

• Secure Coding Guidelines – learn defensive coding strategies to properly mitigate weaknesses in software and prevent vulnerabilities

– Oracle Secure Coding Guidelines

– The CERT Oracle Secure Coding Standard for Java

• Security Specifications

– Names of cryptographic algorithms available within the Java Cryptographic Architecture

– Java Cryptographic Architecture specification

– Sandbox Specification

• Verify that all signed code is properly timestamped to prevent early expiration

Further Information

• Security Guides and Overview

– http://docs.oracle.com/javase/8/docs/technotes/guides/security/index.html

• OpenJDK Security Group: http://openjdk.java.net/groups/security/

– Mailing list: security-dev@openjdk.java.net

• JEPs: http://openjdk.java.net/jeps

• JDK 8 downloads: http://www.oracle.com/technetwork/java/javase/downloads/index.html

• JDK 8 docs: http://docs.oracle.com/javase/8/

Thank you!

Wolfgang.Weigend@oracle.com