RFR: JDK-8207237: SSLSocket#setEnabledCipherSuites is accepting empty string
Xuelei Fan
Xuelei.Fan at Oracle.Com
Wed Jul 18 05:16:37 UTC 2018
Looks fine to me.
Thanks,
Xuelei
> On Jul 17, 2018, at 9:43 PM, Jamil Nimeh <jamil.j.nimeh at oracle.com> wrote:
>
> Hello all,
>
> This fixes a recent finding in the new TLS code where we're accepting a cipher suite that is an empty string where in the past we would throw IllegalArgumentException. This fix makes the new TLS implementation consistent with the old behavior.
>
> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8207237/webrev.01/
>
> JBS: https://bugs.openjdk.java.net/browse/JDK-8207237
>
> --Jamil
>
>
More information about the security-dev
mailing list