Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6976117

SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled

    XMLWordPrintable

Details

    • b140
    • generic
    • generic
    • Verified

    Description

      This is a problem which we should address in TLS 1.2, but applies to 1.1.

      If an app wants to be a *CLIENT* and calls:

          SSLContext.getInstance("TLSv1.1");

      we're currently going to be returning an instance which won't have TLSv1.1 enabled by default. While technically ok by the Javadoc, I think we need to change that or we're going to have some surprised developers.

      Probably the easiest is extend SSLContextImpl with SSLv3, TLS1, TLSv1.1, and TLSv1.2 variants:

          public class TLSv11ContextImpl extends SSLContextImpl {

      and then update SunJSSE to recognize it:

              put("SSLContext.TLSv1.1",
                  "sun.security.ssl.TLSv11ContextImpl");

      Then on creation of the SSLContextImpl, we enable the protocol by default.

          return new SSLSocketFactoryImpl(this,
              new String[] { "TLSv1.1", ...other suitable defaults...);
      Need to integrate the update of CR 4619276 with this (to add a getDefaultProtocols/getSupportedProtocols to factories).

      Attachments

        Issue Links

          Activity

            People

              xuelei Xuelei Fan
              xuelei Xuelei Fan
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                Imported:
                Indexed: