JDK-8273149

Call X509KeyManager.chooseClientAlias once for all key types


    • CSR
    • Resolution: Approved
    • P3
    • 18
    • security-libs
    • None
    • behavioral
    • minimal
    • None.
    • Other
    • Implementation

      Summary

      Restructure the TLS implementation so that, in the client authentication case, the X509KeyManager.chooseClientAlias method is called only once even if the server accepts multiple key algorithms.

      Problem

      We used to call this method only once before TLS 1.2, but now it is called once for each key algorithm the server accepts, which can make for an unfriendly user experience.

      For example, suppose the application's X509KeyManager.chooseClientAlias implementation shows a dialog box asking the user to choose an alias. Before this fix, the dialog would pop up multiple times. Also, since each dialog box displays aliases for only one key algorithm, the user is likely to choose a suboptimal alias in the first dialog if their most preferred alias uses another algorithm.

      Solution

      Modify the authentication logic so a single call is performed for all accepted algorithms.

      Specification

      No spec change, but this is a behavior change.
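
An application-side key manager written for the single-call behavior described above, as an added example (not code from the JDK or from this CSR). The class name `SinglePromptKeyManager` and the `picker` callback are hypothetical, and the example assumes the single call passes every accepted key type in the `keyType` array.

```java
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.function.Function;
import javax.net.ssl.X509KeyManager;

/** Hypothetical wrapper: gathers aliases for every offered key type, then prompts once. */
public final class SinglePromptKeyManager implements X509KeyManager {
    private final X509KeyManager delegate;                // a key manager backed by the real key store
    private final Function<Set<String>, String> picker;   // hypothetical UI hook; returns an alias or null

    public SinglePromptKeyManager(X509KeyManager delegate, Function<Set<String>, String> picker) {
        this.delegate = delegate;
        this.picker = picker;
    }

    @Override
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
        Set<String> candidates = new LinkedHashSet<>();   // keeps order, drops duplicates
        for (String type : keyType) {                     // every key type the server accepts
            String[] aliases = delegate.getClientAliases(type, issuers);
            if (aliases != null) candidates.addAll(Arrays.asList(aliases));
        }
        if (candidates.isEmpty()) return null;            // nothing matches: no client certificate
        String chosen = picker.apply(candidates);         // one prompt covering all algorithms
        return candidates.contains(chosen) ? chosen : null; // accept only an alias that was offered
    }

    @Override public String[] getClientAliases(String keyType, Principal[] issuers) {
        return delegate.getClientAliases(keyType, issuers);
    }
    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return delegate.chooseServerAlias(keyType, issuers, socket);
    }
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) {
        return delegate.getServerAliases(keyType, issuers);
    }
    @Override public X509Certificate[] getCertificateChain(String alias) {
        return delegate.getCertificateChain(alias);
    }
    @Override public PrivateKey getPrivateKey(String alias) {
        return delegate.getPrivateKey(alias);
    }
}
```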

            weijun Weijun Wang
            webbuggrp Webbug Group
            Xuelei Fan