src/java.base/share/classes/sun/security/ssl/ClientHandshakeContext.java
branch JDK-8145252-TLS13-branch
changeset 56674 d2ba9e6f1cac
parent 56542 56aaa6cb3693
56673:fb6aa68ef1ab 56674:d2ba9e6f1cac
    40      *     https://secure-resumption.com/tlsauth.pdf
    40      *     https://secure-resumption.com/tlsauth.pdf
    41      *
    41      *
    42      * Endpoint identification (See
    42      * Endpoint identification (See
    43      * SSLParameters.getEndpointIdentificationAlgorithm()) is a pretty nice
    43      * SSLParameters.getEndpointIdentificationAlgorithm()) is a pretty nice
    44      * guarantee that the server certificate change in renegotiation is legal.
    44      * guarantee that the server certificate change in renegotiation is legal.
    45      * However, endpoing identification is only enabled for HTTPS and LDAP
    45      * However, endpoint identification is only enabled for HTTPS and LDAP
    46      * over SSL/TLS by default.  It is not enough to protect SSL/TLS
    46      * over SSL/TLS by default.  It is not enough to protect SSL/TLS
    47      * connections other than HTTPS and LDAP.
    47      * connections other than HTTPS and LDAP.
    48      *
    48      *
    49      * The renegotiation indication extension (See RFC 5746) is a pretty
    49      * The renegotiation indication extension (See RFC 5746) is a pretty
    50      * strong guarantee that the endpoints on both client and server sides
    50      * strong guarantee that the endpoints on both client and server sides
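Review bot: lines 45-47 say endpoint identification is enabled by default only for HTTPS and LDAP and is "not enough" for other connections, but they give the reader no next step. Consider adding that other protocols can opt in by setting an identification algorithm through SSLParameters, next to the getEndpointIdentificationAlgorithm() reference at line 43. The wording "a pretty nice guarantee" (lines 43-44) and "a pretty strong guarantee" (lines 49-50) would also be clearer if it said what is guaranteed. The spelling fix at line 45 is correct.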
    62      * Considering the compatibility impact and the actual requirements to
    62      * Considering the compatibility impact and the actual requirements to
    63      * support server certificate change in practice, the system property,
    63      * support server certificate change in practice, the system property,
    64      * jdk.tls.allowUnsafeServerCertChange, is used to define whether unsafe
    64      * jdk.tls.allowUnsafeServerCertChange, is used to define whether unsafe
    65      * server certificate change in renegotiation is allowed or not.  The
    65      * server certificate change in renegotiation is allowed or not.  The
    66      * default value of the system property is "false".  To mitigate the
    66      * default value of the system property is "false".  To mitigate the
    67      * compactibility impact, applications may want to set the system
    67      * compatibility impact, applications may want to set the system
    68      * property to "true" at their own risk.
    68      * property to "true" at their own risk.
    69      *
    69      *
    70      * If the value of the system property is "false", server certificate
    70      * If the value of the system property is "false", server certificate
    71      * change in renegotiation after a session-resumption abbreviated initial
    71      * change in renegotiation after a session-resumption abbreviated initial
    72      * handshake is restricted (See isIdentityEquivalent()).
    72      * handshake is restricted (See isIdentityEquivalent()).
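Review bot: lines 67-68 tell applications they may set jdk.tls.allowUnsafeServerCertChange to "true" "at their own risk" without naming the risk. Lines 70-72 describe what "false" enforces, so add a matching sentence for "true": that it lifts the isIdentityEquivalent() restriction on a server certificate change in renegotiation after a resumed session. Pointing back to the reference at line 40 would help too. The spelling fix at line 67 is correct.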