Issues with ALPN implementation in JDK 9
Jason T. Greene
jason.greene at redhat.com
Wed Jun 15 01:40:42 UTC 2016
> On Jun 14, 2016, at 7:04 PM, Greg Wilkins <gregw at webtide.com> wrote:
>
> If SslEngine is changed to allow the negotiated application protocol to be set up until the time the hello response was wrapped, that would fix the problem. Would it create any others?
Well the fundamental issue is that the application protocol isn't a direct function of a cipher, rather the application protocol has a policy of allowed ciphers and optimal selection is finding the most recent protocol with a matching allowed cipher.
More information about the security-dev
mailing list