RFR: JDK-8207237: SSLSocket#setEnabledCipherSuites is accepting empty string
Jamil Nimeh
jamil.j.nimeh at oracle.com
Wed Jul 18 04:43:07 UTC 2018
Hello all,
This fixes a recent finding in the new TLS code where we're accepting a
cipher suite that is an empty string where in the past we would throw
IllegalArgumentException. This fix makes the new TLS implementation
consistent with the old behavior.
Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8207237/webrev.01/
JBS: https://bugs.openjdk.java.net/browse/JDK-8207237
--Jamil
More information about the security-dev
mailing list