CSR Review: 8208641: SSLSocket should throw an exception when configuring DTLS

Sean Mullan sean.mullan at oracle.com
Mon Aug 13 19:42:06 UTC 2018


On 8/10/18 3:49 PM, Anthony Scarpino wrote:
>> On 8/9/2018 4:25 AM, Sean Mullan wrote:
>>> On 8/8/18 5:29 PM, Xuelei Fan wrote:
>>>> The "Default" algorithm defined in the SunJSSE provider is for TLS 
>>>> protocols.
>>>
>>> What if I set DTLS to be the default, though? Ex:
>>>
>>>      SSLContext.setDefault(SSLContext.getInstance("DTLS"));
>>>
>> Good point!  Maybe, we also need to update the 
>> SSLSocketFactory/SSLServerSocketFactory.getDefault() to return 
>> inoperative factory.
> 
> I'm not sure the code path you're looking at, as the one I see seems pretty 
> obscure.
> 
> Are you two talking about where SSL[Server]SocketFactory.getDefault() 
> uses a ssl.SocketFactory.provider property set to SunJSSE?  If so, I can 
> see that as a code review comment, but it seems very obscure for the CSR.

Here's the code I would use:

         SSLContext.setDefault(SSLContext.getInstance("DTLS"));
         ServerSocketFactory fac = SSLServerSocketFactory.getDefault();

If I read the spec correctly, fac should be an "inoperative factory".

--Sean


