-
Enhancement
-
Resolution: Fixed
-
P3
-
6
-
beta
-
generic
-
generic
For HTTPS connections, JSSE performs two different checks to authenticate a server when using X.509 based ciphersuites:
. certificate chain validation, performed using X509TrustManager during the SSL handshake
. server host name checking, performed using code in the HTTPS implementation and a HostnameVerifier after the SSL handshake
These two separate checks at different times create an UI complication for applications like the Java Plugin. The Plugin team has requested that they be combined into a single call that they can handle. The best way to do that might be to add optional hostname verification to the SSLSocket code and check it during the handshake.
###@###.### 2005-2-05 02:22:34 GMT
. certificate chain validation, performed using X509TrustManager during the SSL handshake
. server host name checking, performed using code in the HTTPS implementation and a HostnameVerifier after the SSL handshake
These two separate checks at different times create an UI complication for applications like the Java Plugin. The Plugin team has requested that they be combined into a single call that they can handle. The best way to do that might be to add optional hostname verification to the SSLSocket code and check it during the handshake.
###@###.### 2005-2-05 02:22:34 GMT