JDK-8217993

Configurable extensions with system properties

    Details

    • Type: CSR
    • Status: Draft
    • Priority: P3
    • Resolution: Unresolved
    • Fix Version/s: tbd
    • Component/s: security-libs
    • Labels:
      None

      Description

      Summary

      Propose to support configurable extensions with system properties.

      Problem

      The TLS protocols are designed to tolerate unknown TLS extensions. However, although it is not common, a few TLS implementations cannot handle unknown extensions properly. This results in unexpected interoperability issues when new extensions are introduced in the JDK. The interoperability impact could be mitigated if applications could customize the extensions when needed.

      Applications may not be able to update the source code. It is more convenient if applications can customize the default extensions with system properties.

      Solution

      Add two system properties to configure the default extensions on either the client or the server side of TLS connections.

      Specification

      "jdk.tls.client.disallowedExtension" "jdk.tls.server.disallowedExtension"

      The property string is a comma-separated list of standard TLS extension names. The syntax of the property string can be described in this Java BNF style:

      DisallowedExtensions:
          ('"' TLSExtensionNames '"') | TLSExtensionNames

      TLSExtensionNames:
          TLSExtensionName { , TLSExtensionName }

      TLSExtensionName:
          (see below)
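
      The grammar above can be exercised with a small strict parser. This is an added example, not code from the JDK or from this CSR: the class name, the allowed character set for names, the trimming of spaces around names and the sample values are assumptions.

```java
import java.util.LinkedHashSet;
import java.util.Set;

public class DisallowedExtensionsParser {

    // Assumption: extension names use only letters, digits and '_' (as in
    // "status_request"); the page's TLSExtensionName list is not shown.
    private static final String NAME_PATTERN = "[A-Za-z0-9_]+";

    /** Parses a property value; returns an empty set when the property is unset. */
    static Set<String> parse(String value) {
        Set<String> names = new LinkedHashSet<>();
        if (value == null) {
            return names;
        }
        String s = value.trim();
        boolean opens = s.startsWith("\"");
        boolean closes = s.endsWith("\"");
        // DisallowedExtensions: ('"' TLSExtensionNames '"') | TLSExtensionNames
        if (opens && closes && s.length() >= 2) {
            s = s.substring(1, s.length() - 1);
        } else if (opens || closes) {
            throw new IllegalArgumentException("Unbalanced quote in: " + value);
        }
        // TLSExtensionNames: TLSExtensionName { , TLSExtensionName }
        for (String raw : s.split(",", -1)) {
            String name = raw.trim(); // assumption: spaces around names are ignored
            if (!name.matches(NAME_PATTERN)) {
                // Fail closed: a typo must not silently leave an extension enabled.
                throw new IllegalArgumentException("Bad extension name: '" + name + "'");
            }
            names.add(name);
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the page.
        System.out.println(parse("\"status_request, extended_master_secret\""));
        System.out.println(parse("status_request"));
        try {
            // Value configured for this JVM, if any, then a malformed sample.
            System.out.println(parse(System.getProperty("jdk.tls.client.disallowedExtension")));
            parse("status_request,,server_name");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

      Rejecting an empty or malformed name, rather than skipping it, surfaces a mistyped property value at startup instead of leaving the intended extension enabled.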

              People

              • Assignee:
                xuelei Xue-Lei Fan
                Reporter:
                webbuggrp Webbug Group