Code review request, 7188658 Add possibility to disable client initiated renegotiation (original) (raw)
Weijun Wang weijun.wang at oracle.com
Fri Jun 14 01:39:17 UTC 2013
- Previous message (by thread): Code review request, 7188658 Add possibility to disable client initiated renegotiation
- Next message (by thread): Code review request, 7188658 Add possibility to disable client initiated renegotiation
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
What is this for?
state != HandshakeMessage.ht_hello_request-Max
On 6/13/13 5:05 PM, Xuelei Fan wrote:
Ping again.
The new system property name is "jdk.tls.rejectClientInitializedRenego". webrev: http://cr.openjdk.java.net/~xuelei/7188658/webrev.01/ Thanks, Xuelei On 5/29/2013 11:43 PM, Xuelei Fan wrote: A new system property, "jsse.rejectClientInitializedRenego", is introduced to reject client initialized renegotiation in server side. If the system property is set to "true", server side should not accept client initialized renegotiation, and is expected to fail with a fatal handshakefailure alert if receiving client initialized renegotiation request.
The default value of the system property is "false". It is expected that other JSSE providers also comply to this specification. The usage of the system property in client side is not defined. >From the long run, the industry should move forward to secure renegotiation. So we will not consider to support this enhancement with new Java class or method. Xuelei On 5/29/2013 11:39 PM, Xuelei Fan wrote: Hi,
This fix is an enhancement to add the ability in JSSE server side to reject client initialized renegotiation. webrev: http://cr.openjdk.java.net/~xuelei/7188658/webrev.00/ Thanks, Xuelei
- Previous message (by thread): Code review request, 7188658 Add possibility to disable client initiated renegotiation
- Next message (by thread): Code review request, 7188658 Add possibility to disable client initiated renegotiation
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]