TLS ALPN Proposal v6

Xuelei Fan at
Fri Oct 2 02:35:50 UTC 2015

On 10/2/2015 9:03 AM, Bradford Wetmore wrote:
> Major changes:
> 1.  ApplicationProtocols is gone.  The H2 black list and comparator were
> moved to StandardConstants.
> 2.  StandardConstants.  Strings for "h2" and "http/1.1" are back.  And
> now that you are parsing the raw network bytes, I added a convenience
> mapping between the two byte ciphersuite IANA-assigned value and the
> Java Standard Name.
There is no SSLExplorer in OpenJDK. I think, maybe, the map is not
belong to OpenJDK either.

I think, the constants for HTTP2 is also belong to application protocol
(HTTP2) layer.  Application (HTTP2) implementation would take care of
them.  Maybe, they are not a part of JSSE framework either.

I would like to have "h2" and "http/1.1" defined as Standard Algorithms
Docs as we usually did for other standard constants.

> 3.  SSLParameter (set/get) are moved to SSLSocket/SSLEngine.  Even
> though these could go into SSLParameters, this change makes backporting
> much easier.  The helper code simply has to reflectively look for the
> four methods in the implementation classes, and call if they are there.
> Otherwise, there would have to be reflection both in the user code
> (above) and implementation (to see if the passed SSLParameters had the
> new methods via a subclass).
But, looking forward, per JSSE framework, SSLParameters should be the
central place to define SSL/TLS configuration parameters. We'd better
follow the conventions so that application developers won't get confused
about where SSL/TLS parameters should be configured.

Maybe, we cannot add public APIs for backporting. I think backporting is
another history, and would better not impact too much of the design for
JDK 9 and future releases.

Hope it helps!


More information about the security-dev mailing list