RFR: JEP 249 (OCSP Stapling for TLS)

Thomas Lußnig openjdk at suche.org
Sun Jun 21 13:46:52 UTC 2015


Here are some comments about what I was thinking:

- Why not make the parsed message available?
  If the client wants to check it, he needs to parse/implement the
handling again.
- Why not allow toggling each of the extensions individually?
  I think after Heartbleed this would be a good idea.
+        if (enableStatusRequestExtension) {
+            clientHelloMessage.addCertStatusReqListV2Extension();
+            clientHelloMessage.addCertStatusRequestExtension();
+        }
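Review bot: both addCertStatusReqListV2Extension() and addCertStatusRequestExtension() sit under the single enableStatusRequestExtension check, so the two ClientHello extensions can only be switched on or off together. If they are meant to be controllable separately, give each call its own condition; if the coupling is intentional, a comment at this check saying so would help.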
- Why break the comments earlier?
