Setup per-connection proxy for Revocation Checker


    • Type: Enhancement
    • Resolution: Unresolved
    • Priority: P3
    • Affects Version/s: None
    • Component/s: security-libs

      A DESCRIPTION OF THE REQUEST :
      During the TLS handshake, the server/client can verify the status of the peer certificate with an OCSP/CRL server. These servers could be connected through a proxy. The current API allows setting up a per-connection proxy for an individual TLS connection (using the java.net.URL.openConnection(Proxy) method), but it is not possible to set up a per-connection proxy to the OCSP responder/CRL server inside the TLS handshake.
      The proposal is to extend the SSLParameters class with proxy configuration for the OCSP/CRL server. This proxy configuration, if specified, will have higher priority than the system-wide "http.proxyHost"/"http.proxyPort" properties or a default/custom ProxySelector implementation.
      The SSLParameters class can be used with server and client connections, SSLEngine, SSLSocket and HttpClient based implementations. So the SSLParameters class seems the right place to add proxy configuration for the OCSP/CRL server.

            Assignee:
            Alexey Bakhtin
            Reporter:
            Alexey Bakhtin