Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8223310

Configurable read timeout for CRLs

    XMLWordPrintable

    Details

    • Type: CSR
    • Status: Closed
    • Priority: P4
    • Resolution: Approved
    • Fix Version/s: 13
    • Component/s: security-libs
    • Labels:
      None
    • Subcomponent:
    • Compatibility Kind:
      behavioral
    • Compatibility Risk:
      minimal
    • Interface Kind:
      System or security property
    • Scope:
      JDK

      Description

      Summary

      Provide a system property for configuring the read timeout for Certificate Revocation Lists (CRLs).

      Problem

      There is currently no read timeout when downloading CRLs from a URL. For security and performance reasons, there should be a default timeout and a way for users to configure the timeout.

      Solution

      Add a system property named "com.sun.security.crl.readtimeout" with a default value of 15 seconds. The name is chosen to be consistent with the existing "com.sun.security.crl.timeout" system property which controls the connection timeout.

      Specification

      The com.sun.security.crl.readtimeout system property sets the maximum read timeout for CRL retrievals, in seconds. If the property has not been set, or if its value is negative, it is set to the default value of 15 seconds. A value of 0 means an infinite timeout.

      This property will be documented in the Release Notes and the PKI Programmer's Guide.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mullan Sean Mullan
              Reporter:
              webbuggrp Webbug Group
              Reviewed By:
              Xue-Lei Fan
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: