(2nd round) Proposed API Changes for JEP 114: TLS Server Name Indication (SNI) Extension (original) (raw)
Xuelei Fan xuelei.fan at oracle.com
Mon Aug 13 10:44:03 UTC 2012
- Previous message (by thread): (2nd round) Proposed API Changes for JEP 114: TLS Server Name Indication (SNI) Extension
- Next message (by thread): (2nd round) Proposed API Changes for JEP 114: TLS Server Name Indication (SNI) Extension
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 8/12/2012 8:52 PM, Xuelei Fan wrote:
SSLParameters.java > ================== > > One general question before we get to specifics. Your current default > behavior of the SunJSSE is to add a SNI extension if we have the value > available. So if we call: > > sslSocket = socketFactory.createSocket("www.example.com", 443); > sslp = sslParameters.getSSLParameters(); > > will this sslParameters ever contain a map with preinstalled "hostname" > set to "www.example.com", or will it be empty? I think the answer will > be empty. This API is just a way to force setting the value if an > implementation select an unwanted value. > No, it is not empty. The default value will appear in the SSLParameters in my prototype implementation. Thought more about the design, I would have to say that we cannot return the default value in sslParameters.getServerNames(). Otherwise, the following two block of codes look very weird to me: // case one: 1 SSLparameters sslParameters = sslSocket.getSSLParameters(); 2 sslParameters.clearServerName("host_name"); 3 Map<String, String> names = sslParameters.getServerNames(); 4 sslSocket.setSSLParameters(sslParameters); 5 sslParameters = sslSocket.getSSLParameters(); 6 names = sslParameters.getServerNames();
In line 3, the returned map does not contain "host_name" entry. But in line 6, it may be expected that no "host_name" in the returned map. But if we want to return default values, line 6 do need to return a map containing "host_name". The behavior is pretty confusing. We may want to try avoid the confusion.
And there are similar concerns at line 4 and 7 in the 2nd case: // case two: 1 SSLparameters sslParameters = new SSLParameters(); 2 sslParameters.setServerName("host_name", "www.example.com"); 3 sslParameters.clearServerName("host_name"); 4 Map<String, String> names = sslParameters.getServerNames(); 5 sslSocket.setSSLParameters(sslParameters); 6 sslParameters = sslSocket.getSSLParameters(); 7 names = sslParameters.getServerNames();
I will describe it explicit in the spec that the default values will not show in the map.
Xuelei
But that's an interesting topic to discuss as there are a few concerns I have to consider when I design the APIs.
There are public SSLParameters constructors. As means that an instance of SSLParameters is not always got from a SSLSocket or SSLEngine instance. Then we are not always able to have the default value of an instance of SSLSocket/SSLEngine into SSLParameters if it is not bound to SSLSocket/SSLEngine. So we still need to discuss about how the user specified values work with the default ones. SSLParameters sslParameters = new SSLParameters(); ... sslSocket.setSSLParameters(sslParameters);
- Previous message (by thread): (2nd round) Proposed API Changes for JEP 114: TLS Server Name Indication (SNI) Extension
- Next message (by thread): (2nd round) Proposed API Changes for JEP 114: TLS Server Name Indication (SNI) Extension
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]