[8u] TLSv1.3 RFR: 8245476: Disable TLSv1.3 protocol in the ClientHello message by default

Martin Balao mbalao at redhat.com
Mon Jul 20 23:06:27 UTC 2020


Hi Alexey,

On 7/16/20 7:25 AM, Alexey Bakhtin wrote:
> TLSv1.3, 1.2 and 1.1 contexts are different because we selected the highest protocol explicitly, so return cipher suites for these protocol set only.
> My approach requires less configuration from the application's point of view.
> However, you are right, this approach could also be misleading if the default cipher and protocol set do not match each other.
> 
> Updated webrev at: http://cr.openjdk.java.net/~abakhtin/tls1.3/8245466/8245476/webrev.v1/

Thanks for your new proposal.

Can we keep the CustomizedTLSContext::customizedProtocols and
CustomizedTLSContext::getProtocols signatures?

Looks to me that 'getProtocols' was intended for clients to avoid the
SSL20Hello protocol, as servers use the inherited
'getSupportedProtocols'. The name is a bit of a misnomer, though. The
'isDefault' parameter, on the other hand, does not add much information
to me as these are default values anyways.

Thanks,
Martin.-


