-
Type:
New Feature
-
Resolution: Won't Fix
-
Priority:
P3
-
None
-
Affects Version/s: 7
-
Component/s: security-libs
-
None
-
generic
-
generic
We should investigate what is needed to fully support Extended Validation certificates in our SSL/TLS implementation. For example, we may want to enable revocation checking via OCSP by default (see 6869739) and add support for OCSP stapling (part of the TLS extensions RFC 3546) and perhaps new APIs and security dialogs that identify SSL/TLS connections that use EV certs.
See: http://cabforum.org/EV_Certificate_Guidelines_V11.pdf (GUIDELINES FOR THE ISSUANCE AND MANAGEMENT OF EXTENDED VALIDATION CERTIFICATES) for more specific information on EV certs.
See: http://cabforum.org/EV_Certificate_Guidelines_V11.pdf (GUIDELINES FOR THE ISSUANCE AND MANAGEMENT OF EXTENDED VALIDATION CERTIFICATES) for more specific information on EV certs.
- relates to
-
JDK-6869739 Cannot check revocation of single certificate without validating the entire chain
-
- Closed
-
-
JDK-8046106 JEP 116: Extended Validation SSL Certificates
-
- Closed
-