Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8311596

Add separate system properties for TLS server and client for maximum chain length

XMLWordPrintable

    • Icon: Enhancement Enhancement
    • Resolution: Fixed
    • Icon: P3 P3
    • 22
    • 7-pool, 8-pool, 11-pool, 15-pool, 16-pool, 17-pool, 20-pool, 21-pool
    • security-libs

      Add support for separate TLS client vs server certificate chain lengths, as opposed to (and in addition to) the current single global limit configured via jdk.tls.maxCertificateChainLength.

      Provide new system properties: jdk.tls.client.maxInboundCertificateChainLength and jdk.tls.server.maxInboundCertificateChainLength.
      - jdk.tls.client.maxInboundCertificateChainLength property: when in client side, it enforces a maximum certificate chain length accepted from servers.
      - jdk.tls.server.maxInboundCertificateChainLength property: when in server side, it enforces a maximum certificate chain length accepted from clients.

        There are no Sub-Tasks for this issue.

            hchao Haimay Chao
            mullan Sean Mullan
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: