netty/netty

A suggestion about specifying a source of secure randomness for better security

Closed this issue · 5 comments

Hello everyone! I'm new to netty and when I was browsing the code I found the following code in JdkSslServerContext.java here:

            ctx.init(keyManagerFactory.getKeyManagers(),
                    wrapTrustManagerIfNeeded(trustManagerFactory.getTrustManagers()),
                    null);

The code here uses a "null", which means using the default SecureRandom. Although SecureRandom has already provided enough security, specifying one will ensure better security. For example, using SunJSSE.cryptoProvider for FIPS mode will be better.
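What the third argument of `SSLContext.init` controls, shown with the plain JDK API as an added example (not part of the original post and not netty code): a supplied `SecureRandom` is wrapped so the draws made while building a ClientHello can be counted. The class names, the `example.invalid` peer and the choice of the `DRBG` algorithm are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.concurrent.atomic.AtomicLong;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public final class ExplicitRandomDemo {

    /** Hypothetical wrapper: delegates to a chosen source and counts the draws. */
    static final class CountingRandom extends SecureRandom {
        private final SecureRandom delegate;
        final AtomicLong draws = new AtomicLong();

        CountingRandom(SecureRandom delegate) {
            this.delegate = delegate;
        }

        @Override
        public void nextBytes(byte[] bytes) {
            draws.incrementAndGet();
            delegate.nextBytes(bytes);
        }
    }

    /** Builds a ClientHello offline and returns the draws made from the source. */
    static long drawsForClientHello(SecureRandom source) throws Exception {
        CountingRandom random = new CountingRandom(source);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null key/trust managers select the JDK defaults; the third argument is
        // the randomness source that the snippet in the issue leaves as null.
        ctx.init(null, null, random);

        SSLEngine engine = ctx.createSSLEngine("example.invalid", 443); // constructed peer
        engine.setUseClientMode(true);
        engine.beginHandshake();
        ByteBuffer out = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        engine.wrap(ByteBuffer.allocate(0), out); // emits the ClientHello, no network I/O
        return random.draws.get();
    }

    public static void main(String[] args) throws Exception {
        // "DRBG" exists on Java 9+; getInstance throws if it is missing, so a
        // mandated source fails closed instead of silently using the default.
        SecureRandom mandated = SecureRandom.getInstance("DRBG");
        System.out.println("source: " + mandated.getAlgorithm()
                + " from " + mandated.getProvider().getName());
        System.out.println("draws for ClientHello: " + drawsForClientHello(mandated));
    }
}
```

A non-zero draw count confirms that the handshake material comes from the instance handed to `init` rather than from a default created inside the provider.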

Looks valid. @normanmaurer WDYT?

@hyperxpro @Gax-c I think we could add another constructor that takes one?

Yup. Shall I go ahead with a PR?

Hi @normanmaurer, @hyperxpro, @Gax-c

I'm interested in this so I created a PR. Could you please review this?

#14058