[JDK 8] Code review request 7188657, There should be a way to reorder the JSSE ciphers

Florian Weimer fweimer at redhat.com
Wed Aug 28 09:57:56 UTC 2013


On 08/28/2013 11:02 AM, Xuelei Fan wrote:
> Hi,
>
> Please review this update to support cipher suites reorder:
>
> webrev: http://cr.openjdk.java.net/~xuelei/7188657/webrev.00/
>
> Two new methods are added to SSLParameters:
>     public final void setUseCipherSuitesOrder(boolean honorOrder);
>     public final boolean getUseCipherSuitesOrder();
>
> If SSLParameters.getUseCipherSuitesOrder() return true, the local cipher
> suites order returned in SSLParameters.getCipherSuites() should be
> honored during SSL/TLS handshaking.

The documentation should say this parameter only applies to the server 
side because that's the party that picks the cipher suite.

I wonder if an enum (with members LOCAL and PEER, and perhaps 
UNSPECIFIED) would be more appropriate than a boolean flag.
-- 
Florian Weimer / Red Hat Product Security Team



More information about the security-dev mailing list