Align SSLSocket and SSLEngine Javadocs
Xuelei Fan
xuelei.fan at oracle.com
Mon Aug 27 13:59:54 UTC 2018
Hi Simone,

There is no change for the SSLSocket.startHandshake() and
SSLEngine.beginHandshake() specification. They can be used for a new
handshake and key update.

We want the specification independent from TLS versions as much as
possible. An application developer only needs to know the
functionalities, but not necessarily to understand the TLS protocol details.

For TLS 1.2 and prior versions, the key update is performed with
renegotiation; for TLS 1.3, it is the KeyUpdate post-handshake.

Thanks,
Xuelei

On 8/27/2018 2:37 AM, Simone Bordet wrote:
> Hi,
>
> SSLSocket.startHandshake() and SSLEngine.beginHandshake() are similar
> in that they start the TLS handshake, but they can also be used after
> the TLS handshake.
>
> SSLSocket.startHandshake() Javadoc seems to be more generic,
> describing that the method may not only start a new handshake but also
> be used to update encryption keys etc.
>
> Especially in light of TLS 1.3 where renegotiation is forbidden, I
> would like the Javadoc of these methods to align and describe exactly
> when they do with respect to the TLS protocol version.
>
> Thanks!
>