New status code in SSLEngineResult.HandshakeStatus

David M. Lloyd david.lloyd at redhat.com
Wed Jul 1 16:45:52 UTC 2015


It has caused some consternation among certain of our engineers that 
there is a new possible status code in SSLEngineResult.HandshakeStatus. 
  If a new status were generally added, it would cause subtle or not so 
subtle breakage amount current SSLEngine consumers.

I request that it be made more clear in the documentation that the new 
status code applies only to DTLS; something like this:

diff --git 
a/src/java.base/share/classes/javax/net/ssl/SSLEngineResult.java 
b/src/java.base/share/classes/javax/net/ssl/SSLEngineResult.java
index e2865e6..5473188 100644
--- a/src/java.base/share/classes/javax/net/ssl/SSLEngineResult.java
+++ b/src/java.base/share/classes/javax/net/ssl/SSLEngineResult.java
@@ -156,6 +156,9 @@ public class SSLEngineResult {
           * This value is used to indicate that not-yet-interpreted data
           * has been previously received from the remote side, and does
           * not need to be received again.
+         * <P>
+         * This result code is only used by DTLS and is not a possible
+         * result for stream-oriented TLS.
           *
           * @since   1.9
           */

Thanks.

-- 
- DML


More information about the security-dev mailing list