RFR: 8061798: Add support for TLS_FALLBACK_SCSV
Florian Weimer
fweimer at redhat.com
Mon Jan 26 10:04:30 UTC 2015
I have rebased the TLS_FALLBACK_SCSV implementation I submitted in
October 2014 to the current jdk9-dev tree:
<http://cr.openjdk.java.net/~fweimer/8061798/webrev.00/>
The test uses an expired X.509 certificate (which was already part of
the test suite), but this is harmless.
TLS_FALLBACK_SCSV is a bit of a wart, but it seems necessary for feature
parity with other TLS server implementations.
--
Florian Weimer / Red Hat Product Security
More information about the security-dev
mailing list