Code Review Request JDK-8209965 : The "supported_groups" extension in ServerHellos
Xuelei Fan
xuelei.fan at oracle.com
Sun Aug 26 14:39:29 UTC 2018
Hi,
Please review a compatibility fix for SunJSSE provider:
http://cr.openjdk.java.net/~xuelei/8209965/webrev.00
There are servers that send the supported_groups extension in the
ServerHello handshake message. It does not comply to the specification.
However, as there are a few deployments already with the buggy
implementation, we may want to tolerate this behavior in JDK.
Note that although this extension is allowed in the ServerHello, it
should be ignored and have no impact on the client behavior.
The problem was reported and the fix was tested in OopenJDK:
http://mail.openjdk.java.net/pipermail/security-dev/2018-August/018005.html
Thanks,
Xuelei
More information about the security-dev
mailing list