RFR: 8296820: Add implementation note to SSLContext.getInstance noting subsequent behavior if protocol is disabled
Xue-Lei Andrew Fan
xuelei at openjdk.org
Tue Nov 15 19:16:07 UTC 2022
On Tue, 15 Nov 2022 19:07:05 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
> It may be not an option to stop at SSLContext.getInstance() if the protocol is disabled rather than delay to handshaking, as an application still can have the protocol back by overriding the default security properties.
I may be wrong. The security property may be just loaded one time, and the follow-on update will not take effect. If it is the case, is it an option to stop at SSLContext.getInstance()?
-------------
PR: https://git.openjdk.org/jdk/pull/11172
More information about the security-dev
mailing list