(3rd Round) Proposed API Changes for JEP 114: TLS Server Name Indication (SNI) Extension

Sean Mullan sean.mullan at oracle.com
Tue Aug 14 16:54:02 UTC 2012 

SSLParameters:

In your README, you write:

"Unknown server name type will be expressed as "sni-<integer>", and the
value of the name is encoded as UTF-8 string."

This needs to be documented in the APIs. I think you should also be more
specific about what <integer> means - I assume this is the type value in the SNI
extension?

- It might be useful to add a public String constant for the "host_name" type,
ex: SSLParameters.SNI_HOST_NAME.

setServerName:

"In client mode, it is recommended that, by default, providers should include
the server name indication whenever the server can be located by a supported
name type."

If we say "recommended" it means that it isn't a violation of the specification
if a provider doesn't do this, and that makes it impossible to test compliance
and harder for apps to depend on consistent behavior across different providers.
I think we should strongly consider changing "recommended" and "should" to
"required" and "must" here. Is there any reason why a provider wouldn't want to
do this?

--Sean

On 8/12/12 8:50 AM, Xuelei Fan wrote:
> Hi,
> 
> Please review the spec of JEP 114, TLS Server Name Indication (SNI)
> Extension.
> 
>     http://cr.openjdk.java.net./~xuelei/7068321/webrev_spec.04/
> 
> Please read the README to help you understanding the the specification:
> 
>    http://cr.openjdk.java.net./~xuelei/7068321/README_04.txt
> 
> The major differences comparing with previous webrev are:
> 1. client mode and server mode will use separated API set.
>    For client, the related APIs are:
>      setServerName(String type, String value)
>      clearServerName(String type)
>      disableServerName(String type)
>      enableServerName(String type)
>      isDisabledServerName(String type)
>      getServerNames()
> 
>    For server side, the related APIs are:
>      setServerNamePattern(String type, Pattern pattern)
>      clearServerNamePattern(String type)
>      getServerNamePatterns()
> 
> 2. close the door to use the generated socket in client mode.
> 
>    SSLSocketFactory.createSocket(Socket s,
>        InputStream consumed, boolean autoClose)
> 
>    The returned socket was set in server mode.
> 
> Regards,
> Xuelei
>

More information about the security-dev mailing list