Details
-
Bug
-
Resolution: Fixed
-
P3
-
1.4.0, 7
-
b140
-
generic
-
generic
-
Verified
Description
This is a problem which we should address in TLS 1.2, but applies to 1.1.
If an app wants to be a *CLIENT* and calls:
SSLContext.getInstance("TLSv1.1");
we're currently going to be returning an instance which won't have TLSv1.1 enabled by default. While technically ok by the Javadoc, I think we need to change that or we're going to have some surprised developers.
Probably the easiest is extend SSLContextImpl with SSLv3, TLS1, TLSv1.1, and TLSv1.2 variants:
public class TLSv11ContextImpl extends SSLContextImpl {
and then update SunJSSE to recognize it:
put("SSLContext.TLSv1.1",
"sun.security.ssl.TLSv11ContextImpl");
Then on creation of the SSLContextImpl, we enable the protocol by default.
return new SSLSocketFactoryImpl(this,
new String[] { "TLSv1.1", ...other suitable defaults...);
Need to integrate the update of CR 4619276 with this (to add a getDefaultProtocols/getSupportedProtocols to factories).
If an app wants to be a *CLIENT* and calls:
SSLContext.getInstance("TLSv1.1");
we're currently going to be returning an instance which won't have TLSv1.1 enabled by default. While technically ok by the Javadoc, I think we need to change that or we're going to have some surprised developers.
Probably the easiest is extend SSLContextImpl with SSLv3, TLS1, TLSv1.1, and TLSv1.2 variants:
public class TLSv11ContextImpl extends SSLContextImpl {
and then update SunJSSE to recognize it:
put("SSLContext.TLSv1.1",
"sun.security.ssl.TLSv11ContextImpl");
Then on creation of the SSLContextImpl, we enable the protocol by default.
return new SSLSocketFactoryImpl(this,
new String[] { "TLSv1.1", ...other suitable defaults...);
Need to integrate the update of CR 4619276 with this (to add a getDefaultProtocols/getSupportedProtocols to factories).
Attachments
Issue Links
- duplicates
-
JDK-4619276 could add a getDefaultProtocols/getSupportedProtocols to factories
- Closed
- relates to
-
JDK-8136713 [TEST_BUG] test/sun/security/ssl/javax/net/ssl/SSLContextVersion.java requires backport to JDK 6
- Closed
-
JDK-6996382 TLS 1.2 implementation cleanup
- Closed
-
JDK-7174244 NPE in Krb5ProxyImpl.getServerKeys()
- Closed
-
JDK-4873188 Support TLS 1.1
- Closed
-
JDK-6916074 Add support for TLS 1.2
- Closed
(1 relates to)