RFR: 8280494: (D)TLS signature schemes [v13]

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Mon Feb 7 22:03:19 UTC 2022


On Mon, 7 Feb 2022 19:51:28 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   correct null tags
>
> src/java.base/share/classes/javax/net/ssl/SSLParameters.java line 744:
> 
>> 742:      * the {@systemProperty jdk.tls.client.SignatureSchemes} and/or
>> 743:      * {@systemProperty jdk.tls.server.SignatureSchemes} system properties to
>> 744:      * customize the provider-specific default signature schemes.
> 
> This still doesn't say if the properties override the API. I would suggest adding a sentence: "If set, these properties will override the signature schemes returned by this method."
> 
> Similar comment in `setSignatureSchemes`.

I think lines 714-816/723-725 describe the behavior already.

I was hesitant to use "override", as the System Property values and the default signature schemes are not actually overridden.  The default signature schemes are still there, and they are not just used for this specific connection, when the connection uses the non-default values.

It might be something like, "If the returned array of this method is not {@code null} or empty, the default signature schemes are not used, and signature schemes in the returned array of this method will be used instead".  But I think it is a duplicate of lines 714-816/723-725.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7252


