RFR 8167459: Add debug output for indicating if a chosen ciphersuite was legacy.
Bradford Wetmore
bradford.wetmore at oracle.com
Mon Oct 10 22:57:42 UTC 2016
Hi Xuelei,
We should provide more information about which ciphersuites were
actually considered for a handshake and why they were ultimately
chosen/not chosen, but for now we have been requested to add a debug
message to indicate whether or not the selected ciphersuite was legacy.
Examples:
% java -Djavax.net.debug=all MyClass // or % java -Djavax.net.debug=ssl
MyClass
...deleted...
Standard ciphersuite chosen: TLS_RSA_WITH_AES_128_CBC_SHA
...deleted...
or
...deleted...
Legacy ciphersuite chosen: SSL_RSA_WITH_RC4_128_SHA
...deleted...
The proposed simple change is:
https://bugs.openjdk.java.net/browse/JDK-8167459
http://cr.openjdk.java.net/~wetmore/8167459/webrev.00/
Thanks,
Brad
More information about the security-dev
mailing list