A new proposal to add methods to HttpsURLConnection to access SSLSession

Xuelei Fan xuelei.fan at oracle.com
Tue Oct 30 20:55:10 UTC 2018


Hi,

For the current HttpsURLConnection, there is not much security 
parameters exposed in the public APIs.  An application may need richer 
information for the underlying TLS connections, for example the 
negotiated TLS protocol version.

Please let me know if you have concerns to add a new method 
HttpsURLConnection.getSSLSession() and deprecate the duplicated methods, 
by the end of Nov. 2, 2018.

Here is the proposal:
     https://bugs.openjdk.java.net/browse/JDK-8213161

Thanks,
Xuelei






More information about the security-dev mailing list