JDK-8273149

Call X509KeyManager.chooseClientAlias once for all key types


Details

    • Type: CSR
    • Resolution: Approved
    • Priority: P3
    • Fix Version: 18
    • Component: security-libs
    • Labels: None
    • Compatibility Kind: behavioral
    • Compatibility Risk: minimal
    • Compatibility Risk Description: None.
    • Interface Kind: Other
    • Scope: Implementation

    Description

      Summary

      Restructure TLS implementation so that in the client authentication case the X509KeyManager.chooseClientAlias method is only called once even if the server accepts multiple key algorithms.

      Problem

      Before TLS 1.2 the client called this method only once. It is now called once for each key algorithm the server accepts, which makes for an unfriendly user experience.

      For example, suppose the application's X509KeyManager.chooseClientAlias implementation opens a dialog box asking the user to choose an alias. Before this fix, the dialog would pop up once per accepted key algorithm. Also, because each dialog box only lists aliases for one key algorithm, the user is likely to choose a suboptimal alias in the first dialog if their preferred alias uses a different algorithm.

      Solution

      Modify the authentication logic so a single call is performed for all accepted algorithms.

      Specification

      No spec change, but this is a behavior change.
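The following is an added example, not code from the JDK or from this CSR. It shows the application-side counterpart of the change: a wrapping X509ExtendedKeyManager (the class name RecordingKeyManager and the preference-list policy are assumptions for illustration) that records the keyType array passed to every client-alias request, so a test suite can check whether the runtime asks once with all accepted key types or once per type, and that chooses one alias across the whole array by a most-preferred-first policy instead of answering each type in isolation.

```java
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;

/**
 * Wraps an application's X509KeyManager, records the keyType array of every
 * client-alias request, and picks one alias across all accepted key types.
 * Constructed for illustration; not JDK code.
 */
public final class RecordingKeyManager extends X509ExtendedKeyManager {

    private final X509KeyManager delegate;
    // Key algorithms in the application's order of preference (assumed policy).
    private final List<String> preference;
    // One entry per chooseClientAlias/chooseEngineClientAlias call.
    private final List<String[]> observed =
            Collections.synchronizedList(new ArrayList<>());

    public RecordingKeyManager(X509KeyManager delegate, List<String> preference) {
        this.delegate = delegate;
        this.preference = List.copyOf(preference);
    }

    /** Snapshot of the keyType arrays seen so far, in call order. */
    public List<String[]> observedKeyTypes() {
        synchronized (observed) {
            return new ArrayList<>(observed);
        }
    }

    @Override
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
        observed.add(keyType.clone());
        String alias = chooseAcrossKeyTypes(keyType, issuers);
        // No alias matched the policy: defer to the delegate's own choice.
        return alias != null ? alias : delegate.chooseClientAlias(keyType, issuers, socket);
    }

    @Override
    public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) {
        observed.add(keyType.clone());
        String alias = chooseAcrossKeyTypes(keyType, issuers);
        if (alias != null) {
            return alias;
        }
        return delegate instanceof X509ExtendedKeyManager
                ? ((X509ExtendedKeyManager) delegate).chooseEngineClientAlias(keyType, issuers, engine)
                : delegate.chooseClientAlias(keyType, issuers, null);
    }

    /**
     * Walks the preference list and returns the first alias the delegate
     * offers for a type the server accepts. Because the whole keyType array
     * is visible in one call, the most preferred usable alias wins regardless
     * of the order in which the server listed the algorithms.
     */
    private String chooseAcrossKeyTypes(String[] keyType, Principal[] issuers) {
        List<String> accepted = Arrays.asList(keyType);
        for (String type : preference) {
            if (!accepted.contains(type)) {
                continue;
            }
            String[] aliases = delegate.getClientAliases(type, issuers);
            if (aliases != null && aliases.length > 0) {
                return aliases[0];
            }
        }
        return null;
    }

    // The remaining methods delegate unchanged.
    @Override
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return delegate.chooseServerAlias(keyType, issuers, socket);
    }

    @Override
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        return delegate.getClientAliases(keyType, issuers);
    }

    @Override
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return delegate.getServerAliases(keyType, issuers);
    }

    @Override
    public X509Certificate[] getCertificateChain(String alias) {
        return delegate.getCertificateChain(alias);
    }

    @Override
    public PrivateKey getPrivateKey(String alias) {
        return delegate.getPrivateKey(alias);
    }
}
```

Install the wrapper around the key manager obtained from KeyManagerFactory when building the SSLContext, run a client handshake against a server that requests a certificate, and inspect observedKeyTypes(): with this change in place a single entry carrying every accepted algorithm is expected, whereas the earlier behaviour described in the Problem section produces one entry per algorithm. The same observation is the check to run on an existing key manager before upgrading: an implementation that only reads keyType[0] will, after this change, silently ignore the other accepted algorithms, which is the behavioural compatibility point this CSR records.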

            People

              weijun Weijun Wang
              webbuggrp Webbug Group
              Xuelei Fan
