-
CSR
-
Resolution: Approved
-
P3
-
None
-
behavioral
-
minimal
-
None.
-
Other
-
Implementation
Summary
Restructure TLS implementation so that in the client authentication case the X509KeyManager.chooseClientAlias
method is only called once even if the server accepts multiple key algorithms.
Problem
We used to call this method only once before TLS 1.2 but now it's called once for each server accepted key algorithm, which could be unfriendly in user experience.
For example, suppose the application's X509KeyManager.chooseClientAlias
implementation shows up a dialog box asking a client to choose an alias. Before this fix, the dialog would pop up multiple times. Also, since each dialog box only displays aliases for one key algorithm, user is likely to choose a suboptimal alias in the 1st dialog if his most preferred alias is using another algorithm.
Solution
Modify the authentication logic so a single call is performed for all accepted algorithms.
Specification
No spec change, but this is a behavior change.
- csr of
-
JDK-8262186 Call X509KeyManager.chooseClientAlias once for all key types
- Closed