Enhancement
Resolution: Won't Fix
P3
As I understand it, here's what is currently implemented in JDK8.
1. If https.protocols was set before the plugin/webstart starts, the JCP values are ignored. Otherwise https.protocols is set to the JCP values. A custom SSLSocketFactory is installed as the default:
./common/share/classes/com/sun/deploy/net/protocol/https/Handler.java:
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
2. A regular plaintext socket will be created and connected to the server.
3. This default SSLSocketFactory will create an SSLSocket overlay.
4. If https.protocols is set, sslSocket.setEnabled(protocols) will be called, overriding whatever protocols were set by the SSLSocketFactory in place.
I disagree with the approach taken by deploy to use https.protocols instead of having the default SSLSocketFactory do the protocol configuration. Deployment's customized SSLSocketFactory should set the JCP-specified values and call setEnabledProtocols directly.