Friday, July 29, 2011

Vitamin C - Graduation ( Friends Forever )



- wong chee tat :)

Java™ SE 7 Release Security Enhancements

The Java SE 7 release adds the following features:
  • Elliptic Curve Cryptography (ECC)
    A new native provider has been added to the Java SE 7 release that provides several ECC-based algorithms (ECDSA/ECDH). See Sun PKCS#11 Provider's Supported Algorithms in Java PKCS#11 Reference Guide for more information.
  • CertPath Algorithm Disabling
    Weak cryptographic algorithms can now be disabled. For example, the MD2 digest algorithm is no longer considered secure. The Java SE 7 release provides a mechanism for denying the use of specific algorithms in certification path processing and TLS handshaking. See Appendix D: Disabling Cryptographic Algorithms in Java PKI Programmer's Guide and Disabled Cryptographic Algorithms in Java Secure Socket Extension (JSSE) Reference Guide for more information.
  • JSSE (SSL/TLS)
    • TLS 1.1
      The SunJSSE provider now supports TLS 1.1 as described in RFC 4346. The most important update is protection against cipher block chaining (CBC) attacks.
    • TLS 1.2
      The SunJSSE provider now supports TLS 1.2 as described in RFC 5246. Among other things, it specifies different internal hashing algorithms, adds new cipher suites, and contains improved flexibility, particularly for negotiation of cryptographic algorithms.
    • Weak cipher suites deprecated
      Per RFC 4346, RFC 5246, and RFC 5469, some cipher suites have been made obsolete and should not be used. These obsolete suites are all disabled by default in SunJSSE. For details, consult the cipher suite lists in the documentation about the SunJSSE provider.
    • Connection-sensitive trust management
      Both trust managers and key managers now have the ability to examine parameters of the TLS connection, specifically the SSLSession under construction, during the handshake. For example, a trust manager might restrict the types of certificates used based on the list of valid signature algorithms.
    • Endpoint verification
      An endpoint identification algorithm can be specified to verify that a remote computer's host address matches its supplied certificate. Although this type of verification was previously performed for the HTTPS protocol (see HttpsURLConnection and HostnameVerifier), such verification can now be optionally performed at the TLS level.
    • TLS renegotiation
      Java SE supports RFC 5746, which fixes a renegotiation issue in the TLS protocol.
    • SSLv2Hello disabled by default
      In Java SE 7, SSLv2Hello is removed from the default enabled protocol list.
    • Algorithm disabling
      Weak cryptographic algorithms can now be disabled, as previously described.
    • Server Name Indication (SNI) for JSSE client
      The Java SE 7 release supports the Server Name Indication (SNI) extension in the JSSE client. SNI is described in RFC 4366. This enables TLS clients to connect to virtual servers.
    • Tighter checking of EncryptedPreMasterSecret version numbers
      Java SE 7 tightens version number checking during TLS 1.1 and TLS 1.2 handshaking. See the JSSE Reference Guide for more information.
- wong chee tat :)

Great Compassionate Heart Dharani



- wong chee tat :)

Ani Choying Drolma - Great Compassionate Heart Dharani



- wong chee tat :)

Great Compassion Mantra (HD)



- wong chee tat :)

Great Compassion Mantra

- wong chee tat :)

Om Mani Padme Hum



- wong chee tat :)

Om Mani Padme Hum



- wong chee tat :)

Om Mani Padme Hum



- wong chee tat :)

Om Mani Padme Hum



- wong chee tat :)

Om Mani Padme Hum



- wong chee tat :)

Om Mani Padme Hum



- wong chee tat :)

Om Mani Padme Hum



- wong chee tat :)