Code review request, 7188658 Add possibility to disable client initiated renegotiation

Xuelei Fan at
Tue Jun 18 22:16:26 PDT 2013

On 6/19/2013 12:09 PM, Matthew Hall wrote:
> I think it would be better if the property did use JSSE prefix, because other crypto providers will likely also want to adjust their own renegotiation behavior based on the value of the property. Thanks for contributing this useful security improvement to JSSE.
Other providers can follow "jdk.tls" properties.  In order to mitigate
the miss-understanding of the scope of the properties, "jsse" prefix
should not be used in provider level libraries (for example, Oracle JSSE
provider).  If a third party provider does not support the "jsse"
property, it is easy to get confused.


More information about the security-dev mailing list