Release Note: New System Property Added to Enable the OCSP Nonce Extension

XMLWordPrintable

    • Type: Sub-task
    • Resolution: Delivered
    • Priority: P4
    • 17
    • Affects Version/s: 17
    • Component/s: security-libs

      A new system property, `jdk.security.certpath.ocspNonce`, has been added to enable the OCSP Nonce Extension. This system property is disabled by default, and can be enabled by setting it to the value `true`. If set to `true`, the JDK implementation of `PKIXRevocationChecker` includes a nonce extension containing a 16 byte nonce with each OCSP request. See [RFC 8954](https://tools.ietf.org/html/rfc8954) for more details on the OCSP Nonce Extension.

            Assignee:
            Haimay Chao
            Reporter:
            Haimay Chao
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: