Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4961631

SSLEngine hostname being used not just for caching

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P2
    • Resolution: Fixed
    • Affects Version/s: 5.0
    • Fix Version/s: 5.0
    • Component/s: security-libs
    • Labels:
    • Subcomponent:
    • Resolved In Build:
      b40
    • CPU:
      sparc
    • OS:
      generic

      Description


      With the addition of Kerberos Cipher Suites to TLS, a TLS client needs to
      obtain a service ticket for the TLS server for Kerberos authentication.
      The service ticket follows the kerberos naming convention
      e.g host/machineName@realm. The hostname passed to the JSSE API is
      used to obtain the appropriate service ticket.

      As mentioned by Brad, with the addition of SSLEngine for non-blocking I/O,
      an SSLEngine can be initialized with or without hostname, since the
      hostname/port were being used only for caching.

      This would not work for Kerberos authentication in TLS, since the hostname
      is required to obtain the service ticket.







        Attachments

          Activity

            People

            Assignee:
            smalkanisunw Seema Malkani (Inactive)
            Reporter:
            smalkanisunw Seema Malkani (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: