<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    The current fix does not affect the scenarios discussed earlier(that
    is a broader discussion,may be a different bug/enhancement).<br>
    The scenarios would be vaild even if the fix would not have been in
    place.<br>
    <br>
    -Rahul<br>
    <br>
    <div class="moz-cite-prefix">On 27/03/2020 17:50, Chris Hegarty
      wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:A60438AE-BA46-49AF-BF6E-0B7FD09C1A3B@oracle.com">
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      Thank you for these clarifications. We will now consider how these
      affect, if at all, the HTTP Client.
      <div class=""><br class="">
      </div>
      <div class="">-Chris.<br class="">
        <div><br class="">
          <blockquote type="cite" class="">
            <div class="">On 27 Mar 2020, at 17:47, Xuelei Fan <<a
                href="mailto:xuelei.fan@oracle.com" class=""
                moz-do-not-send="true">xuelei.fan@oracle.com</a>>
              wrote:</div>
            <br class="Apple-interchange-newline">
            <div class=""><span style="caret-color: rgb(0, 0, 0);
                font-family: Helvetica; font-size: 18px; font-style:
                normal; font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none; float: none; display: inline
                !important;" class="">On 3/27/2020 10:36 AM, Chris
                Hegarty wrote:</span><br style="caret-color: rgb(0, 0,
                0); font-family: Helvetica; font-size: 18px; font-style:
                normal; font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none;" class="">
              <blockquote type="cite" style="font-family: Helvetica;
                font-size: 18px; font-style: normal; font-variant-caps:
                normal; font-weight: normal; letter-spacing: normal;
                orphans: auto; text-align: start; text-indent: 0px;
                text-transform: none; white-space: normal; widows: auto;
                word-spacing: 0px; -webkit-text-size-adjust: auto;
                -webkit-text-stroke-width: 0px; text-decoration: none;"
                class="">Thank you Xuelei, this very helpful.<br
                  class="">
                Sorry, but I am going to ask just a few more clarifying
                questions to make sure that we’re on the same page.<br
                  class="">
                <blockquote type="cite" class="">On 27 Mar 2020, at
                  16:23, Xuelei Fan <<a
                    href="mailto:xuelei.fan@oracle.com" class=""
                    moz-do-not-send="true">xuelei.fan@oracle.com</a>>
                  wrote:<br class="">
                  <br class="">
                  On 3/27/2020 5:52 AM, Chris Hegarty wrote:<br class="">
                  <blockquote type="cite" class="">Xuelei,<br class="">
                    Before commenting further on the interaction of the
                    HTTP Client with various contorted configurations, I
                    would like to get a better understanding of the
                    `jdk.tls.client.protocols` property.<br class="">
                    Is there a specification or other documentation
                    describing `jdk.tls.client.protocols` ?<br class="">
                  </blockquote>
                  See the jdk.tls.client.protocols line in table 'Table
                  8-3 System Properties and Customized Items" in JSSE
                  Reference Guides:<br class="">
                  <br class="">
                  "<a
href="https://docs.oracle.com/en/java/javase/14/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-A41282C3-19A3-400A-A40F-86F4DA22ABA9"
                    class="" moz-do-not-send="true">https://docs.oracle.com/en/java/javase/14/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-A41282C3-19A3-400A-A40F-86F4DA22ABA9</a><br
                    class="">
                  <br class="">
                  For your quick reference, I copied the note here:<br
                    class="">
                  <br class="">
                  ---------------<br class="">
                  Customized Item:<br class="">
                  Default handshaking protocols for TLS/DTLS clients.<br
                    class="">
                  <br class="">
                  Notes:<br class="">
                  To enable specific SunJSSE protocols on the client,
                  specify them in a comma-separated list within
                  quotation marks; all other supported protocols are not
                  enabled on the client<br class="">
                </blockquote>
                “supported” here means protocols that are supported by
                the provider, and may be used within a specific context.
                This translates, for the default SSLContext, to the API
                call getSupportedSSLParameters().getProtocols(), right?<br
                  class="">
              </blockquote>
              <span style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none; float: none; display: inline
                !important;" class="">Yes.</span><br style="caret-color:
                rgb(0, 0, 0); font-family: Helvetica; font-size: 18px;
                font-style: normal; font-variant-caps: normal;
                font-weight: normal; letter-spacing: normal; text-align:
                start; text-indent: 0px; text-transform: none;
                white-space: normal; word-spacing: 0px;
                -webkit-text-stroke-width: 0px; text-decoration: none;"
                class="">
              <br style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none;" class="">
              <blockquote type="cite" style="font-family: Helvetica;
                font-size: 18px; font-style: normal; font-variant-caps:
                normal; font-weight: normal; letter-spacing: normal;
                orphans: auto; text-align: start; text-indent: 0px;
                text-transform: none; white-space: normal; widows: auto;
                word-spacing: 0px; -webkit-text-size-adjust: auto;
                -webkit-text-stroke-width: 0px; text-decoration: none;"
                class="">getSupportedSSLParameters().getProtocols()
                returns a superset of
                getDefaultSSLParameters().getProtocols(). Conversely,
                getDefaultSSLParameters().getProtocols() is a strict
                subset of getSupportedSSLParameters().getProtocols(),
                right?<br class="">
              </blockquote>
              <span style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none; float: none; display: inline
                !important;" class="">Yes.</span><br style="caret-color:
                rgb(0, 0, 0); font-family: Helvetica; font-size: 18px;
                font-style: normal; font-variant-caps: normal;
                font-weight: normal; letter-spacing: normal; text-align:
                start; text-indent: 0px; text-transform: none;
                white-space: normal; word-spacing: 0px;
                -webkit-text-stroke-width: 0px; text-decoration: none;"
                class="">
              <br style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none;" class="">
              <blockquote type="cite" style="font-family: Helvetica;
                font-size: 18px; font-style: normal; font-variant-caps:
                normal; font-weight: normal; letter-spacing: normal;
                orphans: auto; text-align: start; text-indent: 0px;
                text-transform: none; white-space: normal; widows: auto;
                word-spacing: 0px; -webkit-text-size-adjust: auto;
                -webkit-text-stroke-width: 0px; text-decoration: none;"
                class="">The `jdk.tls.client.protocols` property has no
                affect on getSupportedSSLParameters().getProtocols()
                 only getDefaultSSLParameters().getProtocols(), right?<br
                  class="">
              </blockquote>
              <span style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none; float: none; display: inline
                !important;" class="">Yes.</span><br style="caret-color:
                rgb(0, 0, 0); font-family: Helvetica; font-size: 18px;
                font-style: normal; font-variant-caps: normal;
                font-weight: normal; letter-spacing: normal; text-align:
                start; text-indent: 0px; text-transform: none;
                white-space: normal; word-spacing: 0px;
                -webkit-text-stroke-width: 0px; text-decoration: none;"
                class="">
              <br style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none;" class="">
              <blockquote type="cite" style="font-family: Helvetica;
                font-size: 18px; font-style: normal; font-variant-caps:
                normal; font-weight: normal; letter-spacing: normal;
                orphans: auto; text-align: start; text-indent: 0px;
                text-transform: none; white-space: normal; widows: auto;
                word-spacing: 0px; -webkit-text-size-adjust: auto;
                -webkit-text-stroke-width: 0px; text-decoration: none;"
                class="">In which case,
                getDefaultSSLParameters().getProtocols() returns the
                value of  `jdk.tls.client.protocols`.<br class="">
                <blockquote type="cite" class="">For example,<br
                    class="">
                  <br class="">
                     If jdk.tls.client.protocols="TLSv1,TLSv1.1", then
                  the default protocol settings on the client for TLSv1
                  and TLSv1.1 are enabled, while SSLv3, TLSv1.2,
                  TLSv1.3, and SSLv2Hello are not enabled<br class="">
                  <br class="">
                     If jdk.tls.client.protocols="DTLSv1.2" , then the
                  protocol setting on the client for DTLS1.2 is enabled,
                  while DTLS1.0 is not enabled<br class="">
                  ---------------<br class="">
                </blockquote>
                Seems that the term “client” here is referring to
                client-initiated exchanges, rather than any specific
                technology.<br class="">
                The assumption, which is reasonable, is that “clients”
                will use the default context. Again, this is reasonable
                default out-of-the-box behavior.<br class="">
              </blockquote>
              <span style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none; float: none; display: inline
                !important;" class="">The client refer to the client
                side SSLSocket or SSLEngine created with the default
                SSLContext.  or example:</span><br style="caret-color:
                rgb(0, 0, 0); font-family: Helvetica; font-size: 18px;
                font-style: normal; font-variant-caps: normal;
                font-weight: normal; letter-spacing: normal; text-align:
                start; text-indent: 0px; text-transform: none;
                white-space: normal; word-spacing: 0px;
                -webkit-text-stroke-width: 0px; text-decoration: none;"
                class="">
              <span style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none; float: none; display: inline
                !important;" class="">   SSLContext sslContext =
                SSLContext.getInstance("TLS");</span><br
                style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none;" class="">
              <span style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none; float: none; display: inline
                !important;" class="">   SSLEngine sslEngine =
                sslContext.createSSLEngine();</span><br
                style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none;" class="">
              <span style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none; float: none; display: inline
                !important;" class="">   sslEngine.setUseClientMode(true);</span><br
                style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none;" class="">
              <br style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none;" class="">
              <span style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none; float: none; display: inline
                !important;" class="">The sslEngine object is a client
                that impacted by the property.</span><br
                style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none;" class="">
              <br style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none;" class="">
              <span style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none; float: none; display: inline
                !important;" class="">While if</span><br
                style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none;" class="">
              <span style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none; float: none; display: inline
                !important;" class="">   sslEngine.setUseClientMode(false);</span><br
                style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none;" class="">
              <br style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none;" class="">
              <span style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none; float: none; display: inline
                !important;" class="">then the object should not be
                impacted by the property.</span><br style="caret-color:
                rgb(0, 0, 0); font-family: Helvetica; font-size: 18px;
                font-style: normal; font-variant-caps: normal;
                font-weight: normal; letter-spacing: normal; text-align:
                start; text-indent: 0px; text-transform: none;
                white-space: normal; word-spacing: 0px;
                -webkit-text-stroke-width: 0px; text-decoration: none;"
                class="">
              <br style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none;" class="">
              <span style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none; float: none; display: inline
                !important;" class="">Xuelei</span><br
                style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none;" class="">
              <br style="caret-color: rgb(0, 0, 0); font-family:
                Helvetica; font-size: 18px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none;" class="">
              <blockquote type="cite" style="font-family: Helvetica;
                font-size: 18px; font-style: normal; font-variant-caps:
                normal; font-weight: normal; letter-spacing: normal;
                orphans: auto; text-align: start; text-indent: 0px;
                text-transform: none; white-space: normal; widows: auto;
                word-spacing: 0px; -webkit-text-size-adjust: auto;
                -webkit-text-stroke-width: 0px; text-decoration: none;"
                class="">
                <blockquote type="cite" class="">
                  <blockquote type="cite" class="">It is my
                    understanding that the property only affects the
                    *default* protocol’s ( not the supported protocols )
                    of the *default* context. That is, the context
                    returned by `SSLContext.getInstance("Default”)`,<br
                      class="">
                  </blockquote>
                  It is correct that the property impact the default
                  SSLContext only.  The default SSLContext instance
                  could get from:<br class="">
                     SSLContext.getInstance("Default");<br class="">
                     SSLContext.getInstance("TLS");<br class="">
                     SSLContext.getInstance("DTLS”);<br class="">
                </blockquote>
                Thanks for this clarification.<br class="">
                <blockquote type="cite" class=""><br class="">
                  <blockquote type="cite" class="">and the protocol
                    values returned by the following invocation on that
                    context `getDefaultSSLParameters().getProtocols()`.
                    Is this correct? If not, what does it do?<br
                      class="">
                  </blockquote>
                  Yes.<br class="">
                </blockquote>
                Thanks,<br class="">
                -Chris.</blockquote>
            </div>
          </blockquote>
        </div>
        <br class="">
      </div>
    </blockquote>
    <br>
  </body>
</html>