Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8223310

Configurable read timeout for CRLs

XMLWordPrintable

    • Icon: CSR CSR
    • Resolution: Approved
    • Icon: P4 P4
    • 13
    • security-libs
    • None
    • behavioral
    • minimal
    • System or security property
    • JDK

      Summary

      Provide a system property for configuring the read timeout for Certificate Revocation Lists (CRLs).

      Problem

      There is currently no read timeout when downloading CRLs from a URL. For security and performance reasons, there should be a default timeout and a way for users to configure the timeout.

      Solution

      Add a system property named "com.sun.security.crl.readtimeout" with a default value of 15 seconds. The name is chosen to be consistent with the existing "com.sun.security.crl.timeout" system property which controls the connection timeout.

      Specification

      The com.sun.security.crl.readtimeout system property sets the maximum read timeout for CRL retrievals, in seconds. If the property has not been set, or if its value is negative, it is set to the default value of 15 seconds. A value of 0 means an infinite timeout.

      This property will be documented in the Release Notes and the PKI Programmer's Guide.

            mullan Sean Mullan
            webbuggrp Webbug Group
            Xuelei Fan
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: