Code Review Request, JDK-8207029 Unable to use custom SSLEngine with default TrustManagerFactory after updating to JDK 11 b21

Alan Bateman Alan.Bateman at
Thu Jul 12 06:53:21 UTC 2018

On 12/07/2018 05:47, Xuelei Fan wrote:
> Hi,
> Please review the update:
> It's an interesting user case of the TrustManagerFactory and 
> KeyManagerFactory.  The KeyManager or TrustManager implementation may 
> be not implemented in the same provider as SSLSocket/SSLEngine.
> See also 
Xuelei - is there follow-up work to develop some tests that use custom 
KeyManager or TrustManager implementations that are in different 
providers to the SSLEngine. I realize not many will do that but it seems 
easy to break these type of scenarios if we don't have tests.


More information about the security-dev mailing list