RFR [14]: JDK-8235263, Aftermath of TLS 1.3 in Java 11 with wrapped IOExceptions

Sean Mullan sean.mullan at oracle.com
Tue Dec 3 21:08:36 UTC 2019


Looks fine. The bug description is a bit dramatic though :) I would 
change it to not mention the Java version (which is already in the 
affectsVersion/Introduced in fields) and more descriptive of what is 
being changed, ex: "Revert TLS 1.3 change that wrapped IOExceptions".

--Sean

On 12/3/19 3:15 PM, Xuelei Fan wrote:
> Hi,
> 
> Could I get the following update reviewed?
>     http://cr.openjdk.java.net/~xuelei/8235263/webrev.00/
> 
> 
> In the SunJSSE provider, IOExceptions in application output stream was 
> updated to be wrapped into SSLException so as to close underlying 
> connections automatically. However, there are compatibility impact 
> reported [1].
> 
> It is not a good solution to use specific exception and JSSE 
> implementation details to switch business flow. However, as applications 
> have used this way, we may want to fix the compatibility issue.
> 
> Simple fix, no new regression test.  The HttpComponents community had 
> confirmed the patch [1].
> 
> Thanks,
> Xuelei
> 
> [1]: 
> https://mail.openjdk.java.net/pipermail/security-dev/2019-December/020956.html 
> 


More information about the security-dev mailing list