[9] RFC: 8061798: Add support for TLS_FALLBACK_SCSV (RFC 7507)

Xuelei Fan xuelei.fan at oracle.com
Wed May 6 23:39:47 UTC 2015

On 5/6/2015 9:42 PM, Florian Weimer wrote:
> On 05/06/2015 01:42 AM, Xuelei Fan wrote:
>> As additional APIs are strongly desired, what do you think to make the
>> API more general and easy to use?  For example, using the name:
>>     SSLParameters.setUseFallbackMode(boolean isFallback)
>>     boolean SSLParameters.getuseFallbackMode()
>> We can implement more for this parameters if need to take care of
>> additional more problems during fallback negotiation.  Instinctively,
>> developers and code reviewers would not call this APIs unless this is a
>> real fallback negotiation, I think.
> Sounds reasonable.  I have add an @implNote mentioning that the default
> provider sends TLS_FALLBACK_SCSV.
>   <http://cr.openjdk.java.net/~fweimer/8061798/webrev.01/>
I guess the new webrev may be:


> There are now additional tests which explicitly verify the cipher suite
> list sent by the client.

More information about the security-dev mailing list