RFR: JDK-8207237: SSLSocket#setEnabledCipherSuites is accepting empty string

Jamil Nimeh jamil.j.nimeh at oracle.com
Wed Jul 18 04:43:07 UTC 2018


Hello all,

This fixes a recent finding in the new TLS code where we're accepting a 
cipher suite that is an empty string where in the past we would throw 
IllegalArgumentException.  This fix makes the new TLS implementation 
consistent with the old behavior.

Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8207237/webrev.01/

JBS: https://bugs.openjdk.java.net/browse/JDK-8207237

--Jamil




More information about the security-dev mailing list