JDK-8265247

Add ExtendedSSLSession.getEndpointIdentificationAlgorithm method


    Details

      Description

      A DESCRIPTION OF THE PROBLEM :
      It would be convenient for external HostnameVerifier implementations to be able to check whether e.g. HTTPS endpoint identification was enabled on a session, so as to avoid duplicate endpoint identification checking per RFC 2818 (https://tools.ietf.org/html/rfc2818).

      Arguably this is also safer. Client code can try to externally track whether it has enabled endpoint identification using SSLParameters.setEndpointIdentificationAlgorithm (together with SSLEngine.setSSLParameters or SSLSocket.setSSLParameters); however, a typical larger project has many places where that configuration could take place, often delegating to third-party libraries. In such cases it becomes difficult, or at least fragile, to be sure that you have captured the ultimate setting taking effect for the session. Client code that mistakenly believes it has enabled endpoint identification might skip checks altogether.

      In contrast, accessing it directly from the session is simple and reliable.

      This information is already trivially available in the existing SSLSessionImpl class (field 'identificationProtocol') and I am not aware of any security implications of exposing this value.

      Therefore I propose adding a new method to the JSSE API:
          package javax.net.ssl;
          ...
          public abstract class ExtendedSSLSession ... {
              ...
              // Throws by default, for session implementations that do not override it.
              public String getEndpointIdentificationAlgorithm() {
                  throw new UnsupportedOperationException();
              }
          }



            People

            Assignee: Unassigned
            Reporter: Webbug Group (webbuggrp)
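The external tracking that the description calls fragile can be narrowed by reading the parameters in effect on the connection at the moment verify() runs, instead of remembering what was requested earlier. The following is an added example, not code from the issue or from the JDK: the class name, guarded(), jsseChecksHttpsIdentity() and the peer name service.example are hypothetical, and it assumes the trust manager in use honours the configured algorithm, as the JDK default does.

```java
import java.util.function.Supplier;
import javax.net.ssl.*;

public class EndpointIdAwareVerifier {

    /** True only when JSSE itself was asked to do RFC 2818 ("HTTPS") checks. */
    static boolean jsseChecksHttpsIdentity(SSLParameters effective) {
        // null or "" means no endpoint identification was requested
        return "HTTPS".equalsIgnoreCase(effective.getEndpointIdentificationAlgorithm());
    }

    /**
     * Hypothetical wrapper: consults the parameters in effect on the connection
     * each time verify() runs, and delegates to the external verifier whenever
     * JSSE is not doing the check (fail closed, never skip both).
     */
    static HostnameVerifier guarded(Supplier<SSLParameters> effective,
                                    HostnameVerifier fallback) {
        return (hostname, session) ->
                jsseChecksHttpsIdentity(effective.get())
                        || fallback.verify(hostname, session);
    }

    public static void main(String[] args) throws Exception {
        // Constructed peer name; no network connection is made.
        SSLEngine engine = SSLContext.getDefault()
                .createSSLEngine("service.example", 443);
        engine.setUseClientMode(true);

        // Stand-in for a real RFC 2818 verifier: it rejects everything, so the
        // printed result shows whether the fallback was consulted.
        HostnameVerifier rejectAll = (h, s) -> false;
        HostnameVerifier v = guarded(engine::getSSLParameters, rejectAll);

        System.out.println("before configuration: "
                + v.verify("service.example", engine.getSession()));

        SSLParameters p = engine.getSSLParameters();
        p.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(p);

        System.out.println("after requesting HTTPS: "
                + v.verify("service.example", engine.getSession()));
    }
}
```

The wrapper still has to be bound to the right SSLEngine or SSLSocket by whoever creates the connection, which is the coupling the proposed session accessor would remove.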