RFR: 8281658: Add a security category to the java -XshowSettings option [v8]
Sean Coffey
coffeys at openjdk.org
Fri Jul 7 14:53:00 UTC 2023
On Fri, 7 Jul 2023 13:40:53 GMT, Sean Coffey <coffeys at openjdk.org> wrote:
>> src/java.base/share/classes/sun/launcher/SecuritySettings.java line 123:
>>
>>> 121: }
>>> 122:
>>> 123: ostream.println(INDENT + "Security TLS configuration:");
>>
>> What about also noting the name of the TLS/JSSE provider in this line, for example:
>>
>> "Security TLS configuration (SunJSSE provider):"
>>
>> This would be useful information if a customer is using a 3rd party JSSE provider, and it is selected before SunJSSE, as the defaults in that case may be different.
>
> good suggestion Sean. Patch updated.
I think we need to harden this area of code actually. Some JDK configurations may not have an SSL provider.
e.g. (removing JSSE from config)
See "java -X" for verbose security settings options
Security provider static configuration: (in order of preference)
Provider name: SUN
Provider name: SunRsaSign
Exception in thread "main" java.lang.InternalError: Failed to create SSL socket
at java.base/sun.launcher.SecuritySettings.printSecurityTLSConfig(SecuritySettings.java:121)
at java.base/sun.launcher.SecuritySettings.printSecuritySummarySettings(SecuritySettings.java:75)
at java.base/sun.launcher.LauncherHelper.showSettings(LauncherHelper.java:188)
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/14394#discussion_r1255945485
More information about the security-dev
mailing list