JSSE patches for HonorCipherOrder and preventing client-initiated renegotiations
Xuelei Fan
Xuelei.Fan at Oracle.Com
Sat Mar 24 23:28:07 UTC 2012
Hi Neal,
Thanks for your proposal to enrich the JSSE implementation.
Before we talk more about your contribution, I want to know, did you sign the Oracle Contributor Agreement (OCA)? Like many other open-source communities, the OpenJDK Community requires contributors to jointly assign their copyright on contributed code. If you haven't yet signed the Oracle Contributor Agreement (OCA), please read the doc, http://openjdk.java.net/contribute/ or other legal issues in http://openjdk.java.net/legal/.
Regards,
Xuelei Fan
On Mar 24, 2012, at 2:19 PM, Neale Rudd <neale at metawerx.net> wrote:
> Hi Guys,
>
> Just joined the list, nice to meet you.
>
> I have developed two changes for JSSE which add the ability to use an HonorCipherOrder feature (an option in openssl) and to prevent client-initiated renegotiations (like openssl does now by default).
>
> These work fine in my local tests and on the ssllabs test.
>
> I've submitted patches for Tomcat before, but I'm new to contributing to openjdk. Therefore, I am interested in teaming up with 1 or more other developers to sponsor me, offer relevant advice, review these patches and develop the corresponding unit tests.
>
> If you would like to team up on these two, please contact me.
>
> Best Regards,
> Neale Rudd
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20120325/9ce4f227/attachment.htm>
More information about the security-dev
mailing list