Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8347749

Compatible OCSP readtimeout property with OCSP timeout

XMLWordPrintable

    • behavioral
    • minimal
    • Hide
      This is a very low risk change. The timeout property prior to the readtimeout addition would be used to set both the connection and read timeout values on the URI object. So this change makes newer versions behave a little closer to the original behavior of OCSP fetches with respect to timeout values. Since it only affects default values of this new readtimeout property, the user always has the option to set it to whatever value is best for their environment should the default value not be ideal.
      Show
      This is a very low risk change. The timeout property prior to the readtimeout addition would be used to set both the connection and read timeout values on the URI object. So this change makes newer versions behave a little closer to the original behavior of OCSP fetches with respect to timeout values. Since it only affects default values of this new readtimeout property, the user always has the option to set it to whatever value is best for their environment should the default value not be ideal.
    • System or security property
    • JDK

      Summary

      Bring the default behavior of the com.sun.security.ocsp.readtimeout System property into line with the changes in JDK-17u.

      Problem

      When the JDK-17u backports of JDK-8179502 were being done, a change from the original fix was introduced. The default value of the com.sun.security.ocsp.readtimeout System property defaults to the value of com.sun.security.ocsp.timeout rather than have its own internally set default of 15000ms per the original fix.

      After much discussion, it was decided to proceed with this new change in 17u and then forward-port this change into later versions of the JDK in order to keep parity between 17u and newer releases.

      Solution

      The default value for the com.sun.security.ocsp.readtimeout System property will be the same as whatever value is set for the com.sun.security.ocsp.timeout property, even if the latter property is not set (in which case both properties will be set to the default value of com.sun.security.ocsp.timeout)

      Specification

      There are no API changes as a result of this issue.

            jnimeh Jamil Nimeh
            jnibedita Nibedita Jena
            Sean Mullan
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: