[8u] RFR 8202343: Disable TLS 1.0 and 1.1

Martin Balao mbalao at redhat.com
Fri Jan 22 19:27:30 UTC 2021


Hi Severin,

I appreciate your thoughts.

On 1/22/21 1:10 PM, Severin Gehwolf wrote:
> The basis of my suggestion to pull in that dep first was that the
> backport of JDK-8234728 would be reasonably straightforward. It sounds
> like it isn't. Given the aforementioned, that it's a hunk to test-only
> files missing and on the grounds that this patch only adds a hunk to
> re-enable old TLS like this:
> 
> +        // Re-enable protocol if disabled.
> +        if (protocol.equals("TLSv1") || protocol.equals("TLSv1.1")) {
> +            SecurityUtils.removeFromDisabledTlsAlgs(protocol);
> +        }
> 
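
Review bot: The comment on the first added line says what the block does but not why, and the condition below it hard-codes "TLSv1" and "TLSv1.1" as string literals. Suggest having the comment state that these are the two protocols the test needs re-enabled before it calls `SecurityUtils.removeFromDisabledTlsAlgs(protocol)`, and moving the two literals into a named constant or small helper so that every test carrying this hunk checks the same list.
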
> it should be reasonable to omit those and get 8202343 in. Please add a
> comment on JDK-8234728 to that effect. This would ensure that those
> hunks will get added should JDK-8234728 get backported later.
> 

Yes, we are on the same page here. Before arguing against a dependency I
usually try to apply the patch and run the tests: if it's low-hanging
fruit and low risk, I go with it. Otherwise, I look at whether it's
fundamental or not. I should have been more explicit about that in my
first comment.

Anyways, now that the time for backporting 8234728 to 8u has been
invested (and the knowledge is fresh), I'll go with it.

Regards,
Martin.-
