Sean Mullan

@seanjmullan

Java Security Tech Lead at Oracle. Lead of OpenJDK Security Group. Views are my own. He/Him.

Massachusetts
Joined June 2008

Tweets


  1. Pinned Tweet
    Mar 23

    JDK 18 has shipped! Check out my latest blog, where I have compiled a list of the most interesting and useful security features and enhancements in this release:

  2. 2 hours ago

    Finally, we have added a new entry for disabling 3DES and RC4 in Kerberos by default in JDK 7, 8, and 11 and set the target date to October 2022. Note that this change has already been made in JDK 17 and later releases.

  3. 2 hours ago

    Third, we have added a target date for October 2022 for upgrading the default PKCS12 MAC algorithm to HmacPBESHA256 for JDK 7, 8, and 11. Note that this change has already been made in JDK 16 and later releases.

  4. 2 hours ago

    Second, we have added a target date for October 2022 for disabling JARs signed with SHA-1 algorithms in JDK releases 7, 8, 11, and 17. Note that SHA-1 JARs are already disabled by default in the recently released JDK 18.

  5. 2 hours ago

    First, we have backported to JDK 11.0.15 (released yesterday) support for TLS cipher suites using the ChaCha20-Poly1305 algorithm. These suites are supported for either TLSv1.2 or TLSv1.3.

  6. 2 hours ago

    We have updated the Oracle Java Cryptographic Roadmap with a few new announcements/changes. See for more details and testing instructions or read the thread for a summary.

  7. Apr 12

    If you use JCE in your project or application, please help us complete this JCE survey to better understand what changes, features, and API enhancements would be helpful: The survey will be open through April 29. Thanks!

  8. Mar 17

    We’re also hiring engineers to work on our Java Vulnerability Team and who will be responsible for security vulnerability prevention for the Java Platform. See for more information about the position.

  9. Retweeted

    📢Reminder📢 is a week away. Come join the Team at and community experts for to learn about this release and more! ☕️March 22 ☕️ March 24☕️ Register now ➡️

  10. Retweeted

    📨Invitation📨 Pls join the Team at & ecosystem luminaries for ". March 22 | March 24 ☕️ Learn about ☕️ Participate in community topics ☕️ Advance your career Register now!

  11. Mar 9

    We’re hiring developers to work on Java Security! Join the Security Libraries team at Oracle and work on the security and crypto features of the JDK alongside some of the most amazing engineers. See for more information.

  12. Retweeted
    Feb 7

    How often do you use 's `jarsigner` tool? 📜

  13. Jan 30

    I think that’s my car underneath that snow!

  14. 26 Nov 2021
  15. 19 Nov 2021

    Happy Birthday to me 😀

  16. 8 Nov 2021

    In JDK 18, we are adding new JAAS APIs (Subject::callAs and Subject::current) that can be used to perform work as a Subject w/o dependencies on the deprecated Security Manager APIs. See for more details.

  17. Retweeted
    1 Nov 2021

    New candidate JEP: 421: Deprecate Finalization for Removal:

  18. Retweeted
    20 Oct 2021

    It’s great to see security improvements made to older JDK releases, in particular JDK 8 that many companies still use.

  19. 20 Oct 2021

    And last but not least, the October CPU released yesterday includes improvements to the TLS Cipher Suite order for JDK 7, 8, and 11 (the change is already in later releases). See the Released Changes section of the Roadmap for more details.

  20. 20 Oct 2021

    Third, we have updated the details on our plans to disable JARs signed with SHA-1 algorithms. In particular, we will no longer include an exception to trust SHA-1 JARs signed with certificates that do not chain to trust anchors included in Oracle's JDK.

