RFR: JDK-8207237: SSLSocket#setEnabledCipherSuites is accepting empty string

Xuelei Fan Xuelei.Fan at Oracle.Com
Wed Jul 18 05:16:37 UTC 2018


Looks fine to me.

Thanks,
Xuelei

> On Jul 17, 2018, at 9:43 PM, Jamil Nimeh <jamil.j.nimeh at oracle.com> wrote:
> 
> Hello all,
> 
> This fixes a recent finding in the new TLS code where we're accepting a cipher suite that is an empty string where in the past we would throw IllegalArgumentException.  This fix makes the new TLS implementation consistent with the old behavior.
> 
> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8207237/webrev.01/
> 
> JBS: https://bugs.openjdk.java.net/browse/JDK-8207237
> 
> --Jamil
> 
> 



More information about the security-dev mailing list