-
Bug
-
Resolution: Unresolved
-
P4
-
None
-
None
SSLSocket/SSLEngine have similar method calls to SSLParameters, and it's not clear that the SSLParameters are just a replacement for those calls.
http://mail.openjdk.java.net/pipermail/security-dev/2014-November/011430.html
> In the JDK there is a class named SSLParameters that contains some of
> the configuration values for TLS.
> Some of those are duplicated in SSLSocket and SSLEngine (e.g.
> wantClientAuth, needClientAuth, etc), with some temporal dependency
> (call this before the other, if I have to trust the comments of
> SSLSocketImpl.setHost()).
> Eventually all values get forwarded to the handshaker, but from the
> API point of view it's not very clear what API one should call (the
> one on SSLEngine or the one on SSLParameters), nor where the ALPN
> setup should be done.
Suggest we add some notes to the older SSLSocket/SSLEngine to encourage use of the SSLParameters.
http://mail.openjdk.java.net/pipermail/security-dev/2014-November/011430.html
> In the JDK there is a class named SSLParameters that contains some of
> the configuration values for TLS.
> Some of those are duplicated in SSLSocket and SSLEngine (e.g.
> wantClientAuth, needClientAuth, etc), with some temporal dependency
> (call this before the other, if I have to trust the comments of
> SSLSocketImpl.setHost()).
> Eventually all values get forwarded to the handshaker, but from the
> API point of view it's not very clear what API one should call (the
> one on SSLEngine or the one on SSLParameters), nor where the ALPN
> setup should be done.
Suggest we add some notes to the older SSLSocket/SSLEngine to encourage use of the SSLParameters.