-
Type:
Bug
-
Status: Closed
-
Priority:
P3
-
Resolution: Fixed
-
Affects Version/s: 1.4.0, 7
-
Fix Version/s: 7
-
Component/s: security-libs
-
Labels:
-
Subcomponent:
-
Resolved In Build:b140
-
CPU:generic
-
OS:generic
-
Verification:Verified
This is a problem which we should address in TLS 1.2, but applies to 1.1.
If an app wants to be a *CLIENT* and calls:
SSLContext.getInstance("TLSv1.1");
we're currently going to be returning an instance which won't have TLSv1.1 enabled by default. While technically ok by the Javadoc, I think we need to change that or we're going to have some surprised developers.
Probably the easiest is extend SSLContextImpl with SSLv3, TLS1, TLSv1.1, and TLSv1.2 variants:
public class TLSv11ContextImpl extends SSLContextImpl {
and then update SunJSSE to recognize it:
put("SSLContext.TLSv1.1",
"sun.security.ssl.TLSv11ContextImpl");
Then on creation of the SSLContextImpl, we enable the protocol by default.
return new SSLSocketFactoryImpl(this,
new String[] { "TLSv1.1", ...other suitable defaults...);
Need to integrate the update of CR 4619276 with this (to add a getDefaultProtocols/getSupportedProtocols to factories).
If an app wants to be a *CLIENT* and calls:
SSLContext.getInstance("TLSv1.1");
we're currently going to be returning an instance which won't have TLSv1.1 enabled by default. While technically ok by the Javadoc, I think we need to change that or we're going to have some surprised developers.
Probably the easiest is extend SSLContextImpl with SSLv3, TLS1, TLSv1.1, and TLSv1.2 variants:
public class TLSv11ContextImpl extends SSLContextImpl {
and then update SunJSSE to recognize it:
put("SSLContext.TLSv1.1",
"sun.security.ssl.TLSv11ContextImpl");
Then on creation of the SSLContextImpl, we enable the protocol by default.
return new SSLSocketFactoryImpl(this,
new String[] { "TLSv1.1", ...other suitable defaults...);
Need to integrate the update of CR 4619276 with this (to add a getDefaultProtocols/getSupportedProtocols to factories).
- duplicates
-
JDK-4619276 could add a getDefaultProtocols/getSupportedProtocols to factories
-
- Closed
-
- relates to
-
JDK-8136713 [TEST_BUG] test/sun/security/ssl/javax/net/ssl/SSLContextVersion.java requires backport to JDK 6
-
- Closed
-
-
JDK-6996382 TLS 1.2 implementation cleanup
-
- Closed
-
-
JDK-7174244 NPE in Krb5ProxyImpl.getServerKeys()
-
- Closed
-
-
JDK-4873188 Support TLS 1.1
-
- Closed
-
-
JDK-6916074 Add support for TLS 1.2
-
- Closed
-
(1 relates to)