TLS ALPN Proposal v6
Xuelei Fan
xuelei.fan at oracle.com
Fri Oct 2 02:35:50 UTC 2015
On 10/2/2015 9:03 AM, Bradford Wetmore wrote:
> Major changes:
>
> 1. ApplicationProtocols is gone. The H2 black list and comparator were
> moved to StandardConstants.
>
> 2. StandardConstants. Strings for "h2" and "http/1.1" are back. And
> now that you are parsing the raw network bytes, I added a convenience
> mapping between the two byte ciphersuite IANA-assigned value and the
> Java Standard Name.
>
There is no SSLExplorer in OpenJDK. I think, maybe, the map does not
belong in OpenJDK either.

I think the constants for HTTP2 also belong to the application protocol
(HTTP2) layer. The application (HTTP2) implementation would take care of
them. Maybe they are not a part of the JSSE framework either.

I would like to have "h2" and "http/1.1" defined in the Standard Algorithms
Docs, as we usually did for other standard constants.

> 3. SSLParameter (set/get) are moved to SSLSocket/SSLEngine. Even
> though these could go into SSLParameters, this change makes backporting
> much easier. The helper code simply has to reflectively look for the
> four methods in the implementation classes, and call if they are there.
>
> Otherwise, there would have to be reflection both in the user code
> (above) and implementation (to see if the passed SSLParameters had the
> new methods via a subclass).

But, looking forward, per the JSSE framework, SSLParameters should be the
central place to define SSL/TLS configuration parameters. We'd better
follow the conventions so that application developers won't get confused
about where SSL/TLS parameters should be configured.

Maybe we cannot add public APIs for backporting. I think backporting is
another story, and it had better not impact the design for
JDK 9 and future releases too much.

Hope it helps!
Xuelei