<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
The current fix does not affect the scenarios discussed earlier(that
is a broader discussion,may be a different bug/enhancement).<br>
The scenarios would be vaild even if the fix would not have been in
place.<br>
<br>
-Rahul<br>
<br>
<div class="moz-cite-prefix">On 27/03/2020 17:50, Chris Hegarty
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:A60438AE-BA46-49AF-BF6E-0B7FD09C1A3B@oracle.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
Thank you for these clarifications. We will now consider how these
affect, if at all, the HTTP Client.
<div class=""><br class="">
</div>
<div class="">-Chris.<br class="">
<div><br class="">
<blockquote type="cite" class="">
<div class="">On 27 Mar 2020, at 17:47, Xuelei Fan <<a
href="mailto:xuelei.fan@oracle.com" class=""
moz-do-not-send="true">xuelei.fan@oracle.com</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<div class=""><span style="caret-color: rgb(0, 0, 0);
font-family: Helvetica; font-size: 18px; font-style:
normal; font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none; float: none; display: inline
!important;" class="">On 3/27/2020 10:36 AM, Chris
Hegarty wrote:</span><br style="caret-color: rgb(0, 0,
0); font-family: Helvetica; font-size: 18px; font-style:
normal; font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;" class="">
<blockquote type="cite" style="font-family: Helvetica;
font-size: 18px; font-style: normal; font-variant-caps:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-size-adjust: auto;
-webkit-text-stroke-width: 0px; text-decoration: none;"
class="">Thank you Xuelei, this very helpful.<br
class="">
Sorry, but I am going to ask just a few more clarifying
questions to make sure that we’re on the same page.<br
class="">
<blockquote type="cite" class="">On 27 Mar 2020, at
16:23, Xuelei Fan <<a
href="mailto:xuelei.fan@oracle.com" class=""
moz-do-not-send="true">xuelei.fan@oracle.com</a>>
wrote:<br class="">
<br class="">
On 3/27/2020 5:52 AM, Chris Hegarty wrote:<br class="">
<blockquote type="cite" class="">Xuelei,<br class="">
Before commenting further on the interaction of the
HTTP Client with various contorted configurations, I
would like to get a better understanding of the
`jdk.tls.client.protocols` property.<br class="">
Is there a specification or other documentation
describing `jdk.tls.client.protocols` ?<br class="">
</blockquote>
See the jdk.tls.client.protocols line in table 'Table
8-3 System Properties and Customized Items" in JSSE
Reference Guides:<br class="">
<br class="">
"<a
href="https://docs.oracle.com/en/java/javase/14/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-A41282C3-19A3-400A-A40F-86F4DA22ABA9"
class="" moz-do-not-send="true">https://docs.oracle.com/en/java/javase/14/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-A41282C3-19A3-400A-A40F-86F4DA22ABA9</a><br
class="">
<br class="">
For your quick reference, I copied the note here:<br
class="">
<br class="">
---------------<br class="">
Customized Item:<br class="">
Default handshaking protocols for TLS/DTLS clients.<br
class="">
<br class="">
Notes:<br class="">
To enable specific SunJSSE protocols on the client,
specify them in a comma-separated list within
quotation marks; all other supported protocols are not
enabled on the client<br class="">
</blockquote>
“supported” here means protocols that are supported by
the provider, and may be used within a specific context.
This translates, for the default SSLContext, to the API
call getSupportedSSLParameters().getProtocols(), right?<br
class="">
</blockquote>
<span style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none; float: none; display: inline
!important;" class="">Yes.</span><br style="caret-color:
rgb(0, 0, 0); font-family: Helvetica; font-size: 18px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; text-align:
start; text-indent: 0px; text-transform: none;
white-space: normal; word-spacing: 0px;
-webkit-text-stroke-width: 0px; text-decoration: none;"
class="">
<br style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;" class="">
<blockquote type="cite" style="font-family: Helvetica;
font-size: 18px; font-style: normal; font-variant-caps:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-size-adjust: auto;
-webkit-text-stroke-width: 0px; text-decoration: none;"
class="">getSupportedSSLParameters().getProtocols()
returns a superset of
getDefaultSSLParameters().getProtocols(). Conversely,
getDefaultSSLParameters().getProtocols() is a strict
subset of getSupportedSSLParameters().getProtocols(),
right?<br class="">
</blockquote>
<span style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none; float: none; display: inline
!important;" class="">Yes.</span><br style="caret-color:
rgb(0, 0, 0); font-family: Helvetica; font-size: 18px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; text-align:
start; text-indent: 0px; text-transform: none;
white-space: normal; word-spacing: 0px;
-webkit-text-stroke-width: 0px; text-decoration: none;"
class="">
<br style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;" class="">
<blockquote type="cite" style="font-family: Helvetica;
font-size: 18px; font-style: normal; font-variant-caps:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-size-adjust: auto;
-webkit-text-stroke-width: 0px; text-decoration: none;"
class="">The `jdk.tls.client.protocols` property has no
affect on getSupportedSSLParameters().getProtocols()
only getDefaultSSLParameters().getProtocols(), right?<br
class="">
</blockquote>
<span style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none; float: none; display: inline
!important;" class="">Yes.</span><br style="caret-color:
rgb(0, 0, 0); font-family: Helvetica; font-size: 18px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; text-align:
start; text-indent: 0px; text-transform: none;
white-space: normal; word-spacing: 0px;
-webkit-text-stroke-width: 0px; text-decoration: none;"
class="">
<br style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;" class="">
<blockquote type="cite" style="font-family: Helvetica;
font-size: 18px; font-style: normal; font-variant-caps:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-size-adjust: auto;
-webkit-text-stroke-width: 0px; text-decoration: none;"
class="">In which case,
getDefaultSSLParameters().getProtocols() returns the
value of `jdk.tls.client.protocols`.<br class="">
<blockquote type="cite" class="">For example,<br
class="">
<br class="">
If jdk.tls.client.protocols="TLSv1,TLSv1.1", then
the default protocol settings on the client for TLSv1
and TLSv1.1 are enabled, while SSLv3, TLSv1.2,
TLSv1.3, and SSLv2Hello are not enabled<br class="">
<br class="">
If jdk.tls.client.protocols="DTLSv1.2" , then the
protocol setting on the client for DTLS1.2 is enabled,
while DTLS1.0 is not enabled<br class="">
---------------<br class="">
</blockquote>
Seems that the term “client” here is referring to
client-initiated exchanges, rather than any specific
technology.<br class="">
The assumption, which is reasonable, is that “clients”
will use the default context. Again, this is reasonable
default out-of-the-box behavior.<br class="">
</blockquote>
<span style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none; float: none; display: inline
!important;" class="">The client refer to the client
side SSLSocket or SSLEngine created with the default
SSLContext. or example:</span><br style="caret-color:
rgb(0, 0, 0); font-family: Helvetica; font-size: 18px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; text-align:
start; text-indent: 0px; text-transform: none;
white-space: normal; word-spacing: 0px;
-webkit-text-stroke-width: 0px; text-decoration: none;"
class="">
<span style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none; float: none; display: inline
!important;" class=""> SSLContext sslContext =
SSLContext.getInstance("TLS");</span><br
style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;" class="">
<span style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none; float: none; display: inline
!important;" class=""> SSLEngine sslEngine =
sslContext.createSSLEngine();</span><br
style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;" class="">
<span style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none; float: none; display: inline
!important;" class=""> sslEngine.setUseClientMode(true);</span><br
style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;" class="">
<br style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;" class="">
<span style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none; float: none; display: inline
!important;" class="">The sslEngine object is a client
that impacted by the property.</span><br
style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;" class="">
<br style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;" class="">
<span style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none; float: none; display: inline
!important;" class="">While if</span><br
style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;" class="">
<span style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none; float: none; display: inline
!important;" class=""> sslEngine.setUseClientMode(false);</span><br
style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;" class="">
<br style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;" class="">
<span style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none; float: none; display: inline
!important;" class="">then the object should not be
impacted by the property.</span><br style="caret-color:
rgb(0, 0, 0); font-family: Helvetica; font-size: 18px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; text-align:
start; text-indent: 0px; text-transform: none;
white-space: normal; word-spacing: 0px;
-webkit-text-stroke-width: 0px; text-decoration: none;"
class="">
<br style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;" class="">
<span style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none; float: none; display: inline
!important;" class="">Xuelei</span><br
style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;" class="">
<br style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 18px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;" class="">
<blockquote type="cite" style="font-family: Helvetica;
font-size: 18px; font-style: normal; font-variant-caps:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-size-adjust: auto;
-webkit-text-stroke-width: 0px; text-decoration: none;"
class="">
<blockquote type="cite" class="">
<blockquote type="cite" class="">It is my
understanding that the property only affects the
*default* protocol’s ( not the supported protocols )
of the *default* context. That is, the context
returned by `SSLContext.getInstance("Default”)`,<br
class="">
</blockquote>
It is correct that the property impact the default
SSLContext only. The default SSLContext instance
could get from:<br class="">
SSLContext.getInstance("Default");<br class="">
SSLContext.getInstance("TLS");<br class="">
SSLContext.getInstance("DTLS”);<br class="">
</blockquote>
Thanks for this clarification.<br class="">
<blockquote type="cite" class=""><br class="">
<blockquote type="cite" class="">and the protocol
values returned by the following invocation on that
context `getDefaultSSLParameters().getProtocols()`.
Is this correct? If not, what does it do?<br
class="">
</blockquote>
Yes.<br class="">
</blockquote>
Thanks,<br class="">
-Chris.</blockquote>
</div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br>
</body>
</html>