Code Review Request, 8148500: [Spec] Enabled SSL Protocols may not be used
Sean Mullan
sean.mullan at oracle.com
Tue Feb 16 20:24:44 UTC 2016
Looks good.
--Sean
On 02/15/2016 09:14 PM, Xuelei Fan wrote:
> It's nice. Here is the updated webrev:
>
> http://cr.openjdk.java.net/~xuelei/8148500/webrev/
>
> Thanks,
> Xuelei
>
> On 2/16/2016 12:05 AM, Sean Mullan wrote:
>> On lines 282-5 of SSLSocket, I think you should use similar language to
>> be consistent:
>>
>> "Note that even if a suite has been enabled, it may never be used. This
>> can occur if the peer does not support it, the requisite certificates
>> (and private keys) for the suite are not available, or an anonymous
>> suite is enabled but authentication is required."
>>
>> A similar wording change should probably be made to
>> SSLServerSocket.getEnabledCipherSuites and
>> SSLEngine.getEnabledCipherSuites.
>>
>> --Sean
>>
>> On 02/14/2016 07:11 PM, Xuelei Fan wrote:
>>> Hi,
>>>
>>> Please review this spec update:
>>>
>>> http://cr.openjdk.java.net/~xuelei/8148500/webrev/
>>>
>>> This fix updates the specification to indicate that an enabled protocol
>>> may never be used. No implementation and behavior update.
>>>
>>> Thanks,
>>> Xuelei
>>>
>