RFR: 8296820: Add implementation note to SSLContext.getInstance noting subsequent behavior if protocol is disabled

Sean Mullan mullan at openjdk.org
Wed Nov 16 16:34:08 UTC 2022


On Tue, 15 Nov 2022 17:41:19 GMT, Sean Mullan <mullan at openjdk.org> wrote:

> Please review this PR to add an implementation note to the `SSLContext.getInstance` methods to document the behavior when a protocol is disabled.

> _Mailing list message from [Xuelei Fan](mailto:xuelei.f at gmail.com) on [security-dev](mailto:security-dev at mail.openjdk.org):_
> 
> > The wording in this PR specifically refers to the protocol version that was specified. It isn't covering other optional protocols that may be supported.
> 
> Sorry, I may not have made it clear. The protocol specified in SSLContext.getInstance is not a TLS protocol version. I think the protocol disabled in security properties refers to protocol version.

Where in the javadoc APIs does it say that? I think the only assumption you can make is that the SSLContext that is returned supports the protocol version that was specified. Whether or not it supports other versions is completely implementation-specific AFAICT.

-------------

PR: https://git.openjdk.org/jdk/pull/11172

