40 * https://secure-resumption.com/tlsauth.pdf |
40 * https://secure-resumption.com/tlsauth.pdf |
41 * |
41 * |
42 * Endpoint identification (See |
42 * Endpoint identification (See |
43 * SSLParameters.getEndpointIdentificationAlgorithm()) is a pretty nice |
43 * SSLParameters.getEndpointIdentificationAlgorithm()) is a pretty nice |
44 * guarantee that the server certificate change in renegotiation is legal. |
44 * guarantee that the server certificate change in renegotiation is legal. |
45 * However, endpoing identification is only enabled for HTTPS and LDAP |
45 * However, endpoint identification is only enabled for HTTPS and LDAP |
46 * over SSL/TLS by default. It is not enough to protect SSL/TLS |
46 * over SSL/TLS by default. It is not enough to protect SSL/TLS |
47 * connections other than HTTPS and LDAP. |
47 * connections other than HTTPS and LDAP. |
48 * |
48 * |
49 * The renegotiation indication extension (See RFC 5746) is a pretty |
49 * The renegotiation indication extension (See RFC 5746) is a pretty |
50 * strong guarantee that the endpoints on both client and server sides |
50 * strong guarantee that the endpoints on both client and server sides |
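Review bot: lines 45-47 say endpoint identification is enabled by default only for HTTPS and LDAP over SSL/TLS, but the comment does not tell maintainers how other protocols get the check. Since this paragraph is already being touched for the "endpoing" spelling fix, consider adding that other callers have to set the algorithm themselves via SSLParameters.setEndpointIdentificationAlgorithm(). The wording "pretty nice guarantee" on lines 43-44 (and "pretty strong guarantee" on lines 49-50) is also vague for a security rationale; saying what is actually checked would read better than a qualitative adjective.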
62 * Considering the compatibility impact and the actual requirements to |
62 * Considering the compatibility impact and the actual requirements to |
63 * support server certificate change in practice, the system property, |
63 * support server certificate change in practice, the system property, |
64 * jdk.tls.allowUnsafeServerCertChange, is used to define whether unsafe |
64 * jdk.tls.allowUnsafeServerCertChange, is used to define whether unsafe |
65 * server certificate change in renegotiation is allowed or not. The |
65 * server certificate change in renegotiation is allowed or not. The |
66 * default value of the system property is "false". To mitigate the |
66 * default value of the system property is "false". To mitigate the |
67 * compactibility impact, applications may want to set the system |
67 * compatibility impact, applications may want to set the system |
68 * property to "true" at their own risk. |
68 * property to "true" at their own risk. |
69 * |
69 * |
70 * If the value of the system property is "false", server certificate |
70 * If the value of the system property is "false", server certificate |
71 * change in renegotiation after a session-resumption abbreviated initial |
71 * change in renegotiation after a session-resumption abbreviated initial |
72 * handshake is restricted (See isIdentityEquivalent()). |
72 * handshake is restricted (See isIdentityEquivalent()). |
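Review bot: the sentence on lines 66-68, "applications may want to set the system property to "true" at their own risk", reads as a suggestion to turn the protection off and does not name the risk in these lines. While fixing the "compactibility" spelling on line 67, consider rewording it so that the default "false" is the recommended setting and "true" is described as an opt-out for applications that must accept a changed server certificate, with a pointer back to the paper linked on line 40 for what is being given up. The visible lines also describe only the "false" case (lines 70-72); a matching sentence for "true" would make the property's effect unambiguous.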