RFR: JEP 249 (OCSP Stapling for TLS)
Thomas Lußnig
openjdk at suche.org
Sun Jun 21 13:46:52 UTC 2015
Hi,
here are some comments about what I was thinking:
http://cr.openjdk.java.net/~jnimeh/reviews/8046321/webrev.0/src/java.base/share/classes/javax/net/ssl/ExtendedSSLSession.java.patch
- Why not make the parsed message available?
If the client wants to check it, he needs to parse/implement the
handling again.
http://cr.openjdk.java.net/~jnimeh/reviews/8046321/webrev.0/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java.patch
- Why not allow toggling each of the extensions individually?
I think after Heartbleed this would be a good idea
+ if (enableStatusRequestExtension) {
+ clientHelloMessage.addCertStatusReqListV2Extension();
+ clientHelloMessage.addCertStatusRequestExtension();
+ }
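Review bot: the single enableStatusRequestExtension check here gates both addCertStatusReqListV2Extension() and addCertStatusRequestExtension(), so a caller cannot offer one of the two extensions in the ClientHello without the other. Consider guarding each call with its own flag, or, if they are meant to be all-or-nothing, add a comment on the if block saying why, and why the V2 extension is added first.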
http://cr.openjdk.java.net/~jnimeh/reviews/8046321/webrev.0/src/java.base/share/classes/sun/security/x509/PKIXExtensions.java.patch
- Why break the comments earlier?