JDK-8139586

Deprecate allowUnsafeRenegotiation and allowLegacyHelloMessages properties

    Details

    • Type: Enhancement
    • Status: Open
    • Priority: P3
    • Resolution: Unresolved
    • Affects Version/s: 9
    • Fix Version/s: None
    • Component/s: security-libs

      Description

      The security libraries contain system properties to allow interoperability with old non-compliant TLS applications. These properties have been around long enough and it's probably best to harden the JDK code and remove some of these old legacy properties.

      > * sun.security.ssl.allowUnsafeRenegotiation system property.
      > Setting this system property to true permits full (unsafe) legacy
      > renegotiation.

      > * sun.security.ssl.allowLegacyHelloMessages system property.
      > Setting this system property to true allows the peer to handshake
      > without requiring the proper RFC 5746 messages.

      See JSSE docs for further information: http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html

      It might be best to deprecate them in JDK 9 and remove them in JDK 10.
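An added example, not part of the issue or of the JDK: a shell check that reads a JVM option list and reports which renegotiation mode the two properties select, so launch scripts that still depend on them can be found before removal. The function names `reneg_mode` and `uses_legacy_property` are hypothetical, the sample command lines are constructed, and the mode names and defaults (`allowUnsafeRenegotiation=false`, `allowLegacyHelloMessages=true`) are taken from the JSSE Reference Guide linked above.

```sh
#!/bin/sh
# Defaults assumed from the JSSE Reference Guide:
#   sun.security.ssl.allowUnsafeRenegotiation = false
#   sun.security.ssl.allowLegacyHelloMessages = true

# lower VALUE -> VALUE in lower case (values are compared
# case-insensitively here; that is a choice made by this example).
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# reneg_mode ARG... -> strict | interoperable | insecure | unlisted | invalid
# Assumption: when a -D option is repeated, the last occurrence wins.
reneg_mode() {
    unsafe=false
    legacy=true
    for arg in "$@"; do
        case "$arg" in
            -Dsun.security.ssl.allowUnsafeRenegotiation=*)
                unsafe=$(lower "${arg#*=}") ;;
            -Dsun.security.ssl.allowLegacyHelloMessages=*)
                legacy=$(lower "${arg#*=}") ;;
        esac
    done
    case "$unsafe/$legacy" in
        false/false) echo strict ;;         # RFC 5746 required from every peer
        false/true)  echo interoperable ;;  # the default mode
        true/true)   echo insecure ;;       # full legacy renegotiation allowed
        true/false)  echo unlisted ;;       # combination not in the guide's table
        *)           echo invalid ;;        # value is neither true nor false
    esac
}

# uses_legacy_property ARG... -> exit 0 if either property is set explicitly,
# whatever its value; such launch lines need review before the removal.
uses_legacy_property() {
    for arg in "$@"; do
        case "$arg" in
            -Dsun.security.ssl.allowUnsafeRenegotiation=*|\
            -Dsun.security.ssl.allowLegacyHelloMessages=*) return 0 ;;
        esac
    done
    return 1
}

# Constructed sample JVM option lists (not from the issue).
reneg_mode -Xmx512m -jar app.jar
reneg_mode -Dsun.security.ssl.allowUnsafeRenegotiation=true -jar app.jar
```

A JVM started with neither property is in interoperable mode, not strict, because `allowLegacyHelloMessages` defaults to true.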

            People

            Assignee:
            xuelei Xuelei Fan
            Reporter:
            coffeys Sean Coffey