[JDK 8] Code review request 7188657, There should be a way to reorder the JSSE ciphers

Xuelei Fan xuelei.fan at oracle.com
Wed Aug 28 09:02:06 UTC 2013


Hi,

Please review this update to support cipher suites reorder:

webrev: http://cr.openjdk.java.net/~xuelei/7188657/webrev.00/

Two new methods are added to SSLParameters:
   public final void setUseCipherSuitesOrder(boolean honorOrder);
   public final boolean getUseCipherSuitesOrder();

If SSLParameters.getUseCipherSuitesOrder() return true, the local cipher
suites order returned in SSLParameters.getCipherSuites() should be
honored during SSL/TLS handshaking.

Considering the potential compatibility issues of third party's
implementation, I won't define the behaviors if
SSLParameters.getUseCipherSuitesOrder() return false.  For Oracle
provider, SunJSSE, if getUseCipherSuitesOrder() returns false, the order
of SSLParameters.getCipherSuites() is honored in client side, and the
order of the requested cipher suites in client handshake message is
honored in server side.

Thanks,
Xuelei



More information about the security-dev mailing list