Code review request, 7188658 Add possibility to disable client initiated renegotiation

Xuelei Fan xuelei.fan at oracle.com
Tue Jun 18 22:16:26 PDT 2013


On 6/19/2013 12:09 PM, Matthew Hall wrote:
> I think it would be better if the property did use JSSE prefix, because other crypto providers will likely also want to adjust their own renegotiation behavior based on the value of the property. Thanks for contributing this useful security improvement to JSSE.
> 
Other providers can follow "jdk.tls" properties.  In order to mitigate
the miss-understanding of the scope of the properties, "jsse" prefix
should not be used in provider level libraries (for example, Oracle JSSE
provider).  If a third party provider does not support the "jsse"
property, it is easy to get confused.

Xuelei



More information about the security-dev mailing list