RFR: 8211426: SSL handshake succeeds under JDK 9 (and earlier) but not under JDK 11

Anthony Scarpino anthony.scarpino at oracle.com
Mon Oct 15 03:04:20 UTC 2018


I’d like a review of this fix for when DSA is the only key available. It’s debatable how realistic this situation is, but it is a regression and key tool uses dsa by default.

The fix is to remove tls1.3 from the default protocols. The placement of the code change is to minimize the keymanager check to only SSLContext setup and not have a check run with every connection. 

http://cr.openjdk.java.net/~ascarpino/8211426/webrev.00/

This webrev does not include the test as I did not have time to modify it yet. I will include that in a future review after my vacation. 

Tony

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20181014/1fee495a/attachment.htm>


More information about the security-dev mailing list