Improvements in application layer TLS negotiation were backported to Java 8, allowing these customers to take advantage of networking capabilities over HTTP / 2. Previously, this work was available in Java 9 and higher.
The change is a major improvement for older customers, as New Relic’s recent ” State of Java Report ” indicates that 85% of systems are running Java 8. Originally released as JEP 244 in Java 9, this backport has enabled customers upgrading to the Java 8 family to be able to communicate with newer non-Java systems that request HTTP / 2 requests. Without the update, these clients would be forced to use older TLS frameworks or the server-side application would require an upstream SSL terminator to support the new application protocols. KeyCDN has published a graphical representation of how ALPN trading works.
Each technology has been available in many production systems for several years.
- Java 8 was first released in March 2014
- HTTP / 2 was standardized in May 2015
- Java 9, containing this feature, was released in September 2017
HTTP / 2 is built on top of a Google-driven initiative called SPDY. Although the underlying SPDY work was available within the timeframe for Java 8, there was no official industry standard available until the time of Java 9 release. Prior to HTTP / 2, SPDY was an initiative. driven by Google subject to change or cancel without notice. As a major leader in the HTTP / 2 protocol, Google only removed SPDY after well-managed coordination with the peer technology organizations that formed the standard. The functionality was then included in the next major version of Java.
The Application Layer Protocol Negotiation enables better compression between the client and server applications that can exchange and decode the appropriate protocol in the customer hello handshake stage.
Developers unfamiliar with the inner workings of TLS can leverage various online tools such as Hardernize to provide red-amber-green security flags. Rather than focusing on individual TLS and algorithm configuration practices, these tools evaluate a server’s responses and TLS negotiation information to determine other issues such as algorithm availability, strength certificate key, HTTP headers, or other sources of interest to server administrators and security professionals.
Operations teams looking to use TLS enhancements can get the backport through public Java 8 vendors such as AdoptOpenJDK. Development teams looking to take advantage of this feature should consider following a Microsoft guide titled ” From Java 8 to 11. ”