RFR: 8217633: Configurable extensions with system properties [v4]

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Thu Jan 28 01:25:12 UTC 2021


> The TLS protocols are designed to tolerate unknown TLS extensions. However, although it is not common, there are a few TLS implementations that cannot handle unknown extensions properly. This results in unexpected interoperability issues when new extensions are introduced in JDK. The interoperability impact could be mitigated if applications can customize the extensions if needed.
> 
> With this update, two system properties are added to configure the default extensions on either the client or server side of TLS connections. Please note that the impact of blocking TLS extensions is complicated. For example, a TLS connection may not be able to be established if a mandatory extension is blocked. Please don't use this feature unless you clearly understand the impact.
> 
> Bug: https://bugs.openjdk.java.net/browse/JDK-8217633 
> CSR: https://bugs.openjdk.java.net/browse/JDK-8217993

Xue-Lei Andrew Fan has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision:

 - Merge
 - rename the system property names
 - Update copyright years to 2021
 - Remove swp file
 - Add regression test
 - 8217633: Configurable extensions with system properties

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/1752/files
  - new: https://git.openjdk.java.net/jdk/pull/1752/files/88beb8ae..ed9409c8

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=1752&range=03
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=1752&range=02-03

  Stats: 121138 lines in 3068 files changed: 60397 ins; 38820 del; 21921 mod
  Patch: https://git.openjdk.java.net/jdk/pull/1752.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/1752/head:pull/1752

PR: https://git.openjdk.java.net/jdk/pull/1752

