Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6976117

SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled

    Details

    • Subcomponent:
    • Resolved In Build:
      b140
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Verified

      Description

      This is a problem which we should address in TLS 1.2, but applies to 1.1.

      If an app wants to be a *CLIENT* and calls:

          SSLContext.getInstance("TLSv1.1");

      we're currently going to be returning an instance which won't have TLSv1.1 enabled by default. While technically ok by the Javadoc, I think we need to change that or we're going to have some surprised developers.

      Probably the easiest is extend SSLContextImpl with SSLv3, TLS1, TLSv1.1, and TLSv1.2 variants:

          public class TLSv11ContextImpl extends SSLContextImpl {

      and then update SunJSSE to recognize it:

              put("SSLContext.TLSv1.1",
                  "sun.security.ssl.TLSv11ContextImpl");

      Then on creation of the SSLContextImpl, we enable the protocol by default.

          return new SSLSocketFactoryImpl(this,
              new String[] { "TLSv1.1", ...other suitable defaults...);
      Need to integrate the update of CR 4619276 with this (to add a getDefaultProtocols/getSupportedProtocols to factories).

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                xuelei Xue-Lei Fan
                Reporter:
                xuelei Xue-Lei Fan
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: