Next Protocol Negotiation TLS Extension

Bernd Eckenfels bernd-2013 at eckenfels.net
Thu Mar 21 22:44:23 UTC 2013


Am 21.03.2013, 17:01 Uhr, schrieb Simone Bordet <simone.bordet at gmail.com>:

> I would like to ask for suggestions for what would be the best way to
> have NPN support in OpenJDK 8 rather than via the Jetty NPN
> implementation.

Is the Jetty solution related to the JSSE patch from Ben Murphy?

https://github.com/benmmurphy/ssl_npn

I was using this code for some SSL related tests, it is convinient to have  
a Github with Runtime code :)

> * NPN included in JEP 114.
> * JEP 114 designing a standard TLS extensions API that can serve for
> both NPN and SNI (and, generically, others TLS extensions)
> * JEP 114 shipped in OpenJDK 8.

... and some additional negotiation control code to help against excessive  
renegotiation attacks. Does Jetty have a fix here, as well?

Gruss
Bernd
-- 
http://bernd.eckenfels.net



More information about the security-dev mailing list