RFR CSR for 8200400 Restrict Sasl mechanisms

Weijun Wang weijun.wang at oracle.com
Tue Nov 27 02:27:24 UTC 2018

Previous message (by thread): Code Review Request, JDK-8214321: Misleading code in SSLCipher
Next message (by thread): RFR [12]: 8214140: Remove TLS v1 and v1.1 from SSLContext required algorithms
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Please review the CSR at

   https://bugs.openjdk.java.net/browse/JDK-8214331

One concern:

When a disabled mechanism is requested, Sasl.createClient and Sasl.createServer might silently return null and if a user has already taken for granted that a client should be returned an NPE will thrown somewhere. This is not quite friendly.

Thanks
Max

Previous message (by thread): Code Review Request, JDK-8214321: Misleading code in SSLCipher
Next message (by thread): RFR [12]: 8214140: Remove TLS v1 and v1.1 from SSLContext required algorithms
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the security-dev mailing list