[9] RFC: 8061798: Add support for TLS_FALLBACK_SCSV (RFC 7507)
Florian Weimer
fweimer at redhat.com
Thu May 7 06:01:22 UTC 2015
On 05/07/2015 01:39 AM, Xuelei Fan wrote:
> On 5/6/2015 9:42 PM, Florian Weimer wrote:
>> On 05/06/2015 01:42 AM, Xuelei Fan wrote:
>>> As additional APIs are strongly desired, what do you think to make the
>>> API more general and easy to use? For example, using the name:
>>>
>>> SSLParameters.setUseFallbackMode(boolean isFallback)
>>> boolean SSLParameters.getuseFallbackMode()
>>>
>>> We can implement more for this parameters if need to take care of
>>> additional more problems during fallback negotiation. Instinctively,
>>> developers and code reviewers would not call this APIs unless this is a
>>> real fallback negotiation, I think.
>>
>> Sounds reasonable. I have add an @implNote mentioning that the default
>> provider sends TLS_FALLBACK_SCSV.
>>
>> <http://cr.openjdk.java.net/~fweimer/8061798/webrev.01/>
>>
> I guess the new webrev may be:
> http://cr.openjdk.java.net/~fweimer/8061798/webrev.02/
Right, sorry.
--
Florian Weimer / Red Hat Product Security
More information about the security-dev
mailing list