TLS ALPN Proposal v5

Xuelei Fan xuelei.fan at oracle.com
Sat Sep 26 01:49:17 UTC 2015


On 9/26/2015 8:47 AM, Bradford Wetmore wrote:
>> It might be not customers expected behavior to re-order/sort their
>> preference of cipher suites or preference.
> 
> Are we are clear that the intention was never for the JDK to internally
> resort the ciphersuites, but rather to provide an external helper
> function (H2BLACKLISTCOMPARATOR) with which applications can do their
> own sorting and pass the results to setEnabledCiphersuite()?

My points:
1. OpenJDK should not do the re-sort internally. The preference decision
should be made before the call to setEnabledCiphersuite().

I think Simone agreed with this point.

2. A handy function to resort the cipher suite is useful. But it is out
of the scope of ALPN, or even out of the scope of OpenJDK. Application
can do whatever resorting, H2BLACKLISTCOMPARATOR does not belong to OpenJDK.

Xuelei


More information about the security-dev mailing list