JDK-8311596

Add separate system properties for TLS server and client for maximum chain length

Details

    • Enhancement
    • Resolution: Fixed
    • P3
    • 22
    • 7-pool, 8-pool, 11-pool, 15-pool, 16-pool, 17-pool, 20-pool, 21-pool
    • security-libs

    Description

      Add support for separate TLS client vs server certificate chain lengths, as opposed to (and in addition to) the current single global limit configured via jdk.tls.maxCertificateChainLength.

      Provide new system properties: jdk.tls.client.maxInboundCertificateChainLength and jdk.tls.server.maxInboundCertificateChainLength.
      - jdk.tls.client.maxInboundCertificateChainLength property: on the client side, it enforces a maximum certificate chain length accepted from servers.
      - jdk.tls.server.maxInboundCertificateChainLength property: on the server side, it enforces a maximum certificate chain length accepted from clients.

            People

              hchao Haimay Chao
              mullan Sean Mullan