RFR: JEP 249 (OCSP Stapling for TLS)
Xuelei Fan
xuelei.fan at oracle.com
Tue Jun 23 07:39:30 UTC 2015
On 6/23/2015 3:04 PM, Jamil Nimeh wrote:
>> src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java
>> ==================================================================
>> - private final boolean enableStatusRequestExtension =
>> + private final static boolean enableStatusRequestExtension =
>> May not want to support dynamic system property.
> Actually I did want it to take that value of the property at
> instantiation time so people could selectively turn it on and off before
> creating sockets/engines. What concerns do you have about it being
> dynamic?
Caches, for example session/trust manager/key manager, are used a lot in
SSL/TLS handshaking. Dynamic system property may make the behavior a
little bit complicated. In general, if not necessary, I would prefer to
use static system property as what we did before for similar properties.
Developers only need to understand one mode, as would simplify the
learning curve, I think.
Anyway, not a big concerns of mine.
Xuelei
More information about the security-dev
mailing list