Code review request, 7188658 Add possibility to disable client initiated renegotiation
Xuelei Fan
xuelei.fan at oracle.com
Wed Jun 19 05:16:26 UTC 2013
On 6/19/2013 12:09 PM, Matthew Hall wrote:
> I think it would be better if the property did use JSSE prefix, because other crypto providers will likely also want to adjust their own renegotiation behavior based on the value of the property. Thanks for contributing this useful security improvement to JSSE.
>
Other providers can follow "jdk.tls" properties. In order to mitigate
the miss-understanding of the scope of the properties, "jsse" prefix
should not be used in provider level libraries (for example, Oracle JSSE
provider). If a third party provider does not support the "jsse"
property, it is easy to get confused.
Xuelei
More information about the security-dev
mailing list