Please Review: required security algorithms for Java SE 7 implementations
xuelei.fan at oracle.com
Thu Dec 16 20:25:36 PST 2010
On 12/17/2010 12:07 PM, Brad Wetmore wrote:
>> Brad, can you comment on the RFC 5746 support? Do you think we should
>> make the TLS_EMPTY_RENEGOTIATION_INFO_SCSV CipherSuite a requirement of
>> all Java 7 TLS 1.0 implementations?
> That's an excellent question. The RFC has been out less than a year,
> but it does address a significant issue. I'm inclined to say yes.
> Xuelei, do you have an opinion?
I would say yes. Thanks for the good question.
More information about the security-dev