CSR Review: 8208641: SSLSocket should throw an exception when configuring DTLS
Sean Mullan
sean.mullan at oracle.com
Mon Aug 13 19:42:06 UTC 2018
On 8/10/18 3:49 PM, Anthony Scarpino wrote:
>> On 8/9/2018 4:25 AM, Sean Mullan wrote:
>>> On 8/8/18 5:29 PM, Xuelei Fan wrote:
>>>> The "Default" algorithm defined in the SunJSSE provider is for TLS
>>>> protocols.
>>>
>>> What if I set DTLS to be the default, though? Ex:
>>>
>>> SSLContext.setDefault(SSLContext.getInstance("DTLS"));
>>>
>> Good point! Maybe, we also need to update the
>> SSLSocketFactory/SSLServerSocketFactory.getDefault() to return
>> inoperative factory.
>
> I'm not sure the code path you're looking as the oneI see seems pretty
> obscure.
>
> Are you two talking about where SSL[Server]SocketFactory.getDefault()
> uses a ssl.SocketFactory.provider property set to SunJSSE? If so, can
> see that as a code review comment, but it seems very obscure for the CSR.
Here's the code I would use:
SSLContext.setDefault(SSLContext.getInstance("DTLS"));
ServerSocketFactory fac = SSLServerSocketFactory.getDefault();
If I read the spec correctly, fac should be an "inoperative factory".
--Sean
More information about the security-dev
mailing list