-
Type:
Bug
-
Resolution: Fixed
-
Priority:
P3
-
Affects Version/s: 11, 12
-
Component/s: security-libs
-
b08
-
Not verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8230584 | 11.0.6-oracle | Xuelei Fan | P3 | Resolved | Fixed | b01 |
| JDK-8233079 | 11.0.6 | Xuelei Fan | P3 | Resolved | Fixed | b01 |
| JDK-8236135 | openjdk8u252 | Xuelei Fan | P3 | Resolved | Fixed | b01 |
| JDK-8249740 | 8u261 | Prasadarao Koppula | P3 | Resolved | Fixed |
sun/security/ssl/ClientHello.java lines 522 and 1039.
The check for a resumed session's endpoint ID algorithm (getIdentificationProtocol()) is done using Objects.equals, which is case-sensitive. However, endpoint identification algorithms are actually recognized case-insensitively.
The check for a resumed session's endpoint ID algorithm (getIdentificationProtocol()) is done using Objects.equals, which is case-sensitive. However, endpoint identification algorithms are actually recognized case-insensitively.
- backported by
-
JDK-8230584 endpoint identification algorithm should be case-insensitive
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-