-
Sub-task
-
Resolution: Delivered
-
P4
-
8u321, 11.0.14-oracle, 17
-
Verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8289168 | 11.0.14-oracle | Clifford Wayne | P4 | Closed | Delivered | |
| JDK-8289167 | 8u321 | Clifford Wayne | P4 | Closed | Delivered |
Two new system properties have been added. The system property, `jdk.tls.client.disableExtensions`, is used to disable TLS extensions used in the client. The system property, `jdk.tls.server.disableExtensions`, is used to disable TLS extensions used in the server. If an extension is disabled, it will be neither produced nor processed in the handshake messages.
The property string is a list of comma separated standard TLS extension names, as registered in the IANA documentation (for example, server_name, status_request, and signature_algorithms_cert). Note that the extension names are case sensitive. Unknown, unsupported, misspelled and duplicated TLS extension name tokens will be ignored.
Please note that the impact of blocking TLS extensions is complicated. For example, a TLS connection may not be able to be established if a mandatory extension is disabled. Please do not disable mandatory extensions, and do not use this feature unless you clearly understand the impact.
The property string is a list of comma separated standard TLS extension names, as registered in the IANA documentation (for example, server_name, status_request, and signature_algorithms_cert). Note that the extension names are case sensitive. Unknown, unsupported, misspelled and duplicated TLS extension name tokens will be ignored.
Please note that the impact of blocking TLS extensions is complicated. For example, a TLS connection may not be able to be established if a mandatory extension is disabled. Please do not disable mandatory extensions, and do not use this feature unless you clearly understand the impact.
- backported by
-
-
- Closed
-
-
-
- Closed
-