RFR CSR for 8200400 Restrict Sasl mechanisms

Weijun Wang weijun.wang at oracle.com
Tue Nov 27 02:27:24 UTC 2018

Please review the CSR at


One concern:

When a disabled mechanism is requested, Sasl.createClient and Sasl.createServer might silently return null and if a user has already taken for granted that a client should be returned an NPE will thrown somewhere. This is not quite friendly.


More information about the security-dev mailing list