RFR: JEP 249 (OCSP Stapling for TLS)

Xuelei Fan xuelei.fan at oracle.com
Tue Jun 23 07:39:30 UTC 2015


On 6/23/2015 3:04 PM, Jamil Nimeh wrote:
>> src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java
>> ==================================================================
>> -  private final boolean enableStatusRequestExtension =
>> +  private final static boolean enableStatusRequestExtension =
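Review bot: On the `+` line the modifiers read `private final static`, where the customary Java order is `private static final`; worth normalizing while this line is being touched. Since a static final field is assigned once at class initialization, the initializer after `=` will no longer be evaluated per ClientHandshaker instance, so a comment on the field saying that the property value is fixed for the lifetime of the class would make that explicit for callers who expect to toggle it before creating sockets or engines.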
>> May not want to support a dynamic system property.
> Actually I did want it to take that value of the property at
> instantiation time so people could selectively turn it on and off before
> creating sockets/engines.  What concerns do you have about it being
> dynamic?
Caches, for example session/trust manager/key manager, are used a lot in
SSL/TLS handshaking.  A dynamic system property may make the behavior a
little bit complicated.  In general, if not necessary, I would prefer to
use a static system property, as we did before for similar properties.
Developers only need to understand one mode, which would simplify the
learning curve, I think.

Anyway, not a big concern of mine.

Xuelei


