RFR: 8217633: Configurable extensions with system properties
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Fri Dec 11 23:28:10 UTC 2020
The TLS protocols are designed to tolerant unknown TLS extensions. However, although it is not common, there are a few TLS implementations that cannot handle unknown extensions properly. As results in unexpected interoperability issue when new extensions are introduced in JDK. The interoperability impact could be mitigated If applications can customize the extensions if needed.
With this update, two system properties are added to configure the default extensions in either client or server side of TLS connections. Please note that the impact of blocking TLS extensions is complicated. For example, a TLS connection may not be able to established if a mandatory extension is blocked. Please don't use this feature unless you clearly understand the impact.
Bug: https://bugs.openjdk.java.net/browse/JDK-8217633
CSR: https://bugs.openjdk.java.net/browse/JDK-8217993
-------------
Commit messages:
- Remove swp file
- Add regression test
- 8217633: Configurable extensions with system properties
Changes: https://git.openjdk.java.net/jdk/pull/1752/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=1752&range=00
Issue: https://bugs.openjdk.java.net/browse/JDK-8217633
Stats: 147 lines in 2 files changed: 121 ins; 2 del; 24 mod
Patch: https://git.openjdk.java.net/jdk/pull/1752.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/1752/head:pull/1752
PR: https://git.openjdk.java.net/jdk/pull/1752
More information about the security-dev
mailing list