RFR: 8296820: Add implementation note to SSLContext.getInstance noting subsequent behavior if protocol is disabled
Sean Mullan
mullan at openjdk.org
Tue Nov 15 18:40:04 UTC 2022
On Tue, 15 Nov 2022 18:27:27 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
> As you are already there, it may be nice to cover more options that the protocol may not be used for the handshaking. Here are some cases I'm aware of:
>
> 1. the protocol is disabled with Security property
> 2. the protocol is not set while setting the SSLParameters
> 3. the protocol is not set while set the enabled protocol
> 4. the protocol is not supported by the peer
> 5. the protocol is not supported by any cipher suites enabled.
Good point, but I feel that should be handled in a separate issue, if necessary. Also, most of those other cases above (except for #4) are influenced by additional methods subsequently invoked by the application. For this one, it may be a bit surprising for the SSLContext to be returned when the protocol is disabled (although it is still compliant with the API as specified), and then later it doesn't work, so the implementation note is useful. The JCK team requested this clarification.
-------------
PR: https://git.openjdk.org/jdk/pull/11172
More information about the security-dev
mailing list