RFR: 8061798: Add support for TLS_FALLBACK_SCSV

Florian Weimer fweimer at redhat.com
Mon Jan 26 10:04:30 UTC 2015


I have rebased the TLS_FALLBACK_SCSV implementation I submitted in
October 2014 to the current jdk9-dev tree:

  <http://cr.openjdk.java.net/~fweimer/8061798/webrev.00/>

The test uses an expired X.509 certificate (which was already part of
the test suite), but this is harmless.

TLS_FALLBACK_SCSV is a bit of a wart, but it seems necessary for feature
parity with other TLS server implementations.

-- 
Florian Weimer / Red Hat Product Security


More information about the security-dev mailing list