New status code in SSLEngineResult.HandshakeStatus

Xuelei Fan xuelei.fan at oracle.com
Tue Jul 7 23:57:43 UTC 2015


Hi David,

Thanks for the suggestion.  Here is the JBS bug to track the
improvement:

   https://bugs.openjdk.java.net/browse/JDK-8130461

Thanks,
Xuelei

On 7/2/2015 12:45 AM, David M. Lloyd wrote:
> It has caused some consternation among certain of our engineers that
> there is a new possible status code in SSLEngineResult.HandshakeStatus.
>  If a new status were generally added, it would cause subtle or not so
> subtle breakage among current SSLEngine consumers.
> 
> I request that it be made more clear in the documentation that the new
> status code applies only to DTLS; something like this:
> 
> diff --git
> a/src/java.base/share/classes/javax/net/ssl/SSLEngineResult.java
> b/src/java.base/share/classes/javax/net/ssl/SSLEngineResult.java
> index e2865e6..5473188 100644
> --- a/src/java.base/share/classes/javax/net/ssl/SSLEngineResult.java
> +++ b/src/java.base/share/classes/javax/net/ssl/SSLEngineResult.java
> @@ -156,6 +156,9 @@ public class SSLEngineResult {
>           * This value is used to indicate that not-yet-interpreted data
>           * has been previously received from the remote side, and does
>           * not need to be received again.
> +         * <P>
> +         * This result code is only used by DTLS and is not a possible
> +         * result for stream-oriented TLS.
>           *
>           * @since   1.9
>           */
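Review bot: The added sentence at the end of this constant's description says the code is DTLS-only but does not say what that means for callers. Since the concern is existing SSLEngine consumers, it would help to state the consequence directly, for example "Engines configured for stream-oriented TLS never return this value, so TLS-only callers do not need to handle it." Written this way the sentence is a guarantee in the specification, so the wording should match what the implementation is prepared to keep true in later releases.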
> 
> Thanks.
> 



