On Fri, 14 Jan 2022 18:40:41 GMT, Michael McMahon <micha...@openjdk.org> wrote:
>> src/java.base/share/classes/sun/net/www/http/HttpClient.java line 152: >> >>> 150: * If enabled (for a particular destination) then SPNEGO >>> authentication requests will include >>> 151: * a channel binding token for the destination server. The default >>> behavior and setting for the >>> 152: * property is "never" >> >> Maybe this description should be added to >> `src/java.base//share/classes/java/net/doc-files/net-properties.html` too? > > It's actually a purely system property rather than a Net property at the > moment (same as the other spnego ones). Maybe, I should convert them all to > net properties, so they can be documented/set in that file? This system property should only be used for TLS, and the CBT can be used in both the SPNEGO mechanism and the Kerberos 5 mechanism. Therefore I suggest the name should probably contain "tls" (or maybe "https") and "negotiate". BTW, will you reuse this system property if we decide to support CBT in NTLM as well? ------------- PR: https://git.openjdk.java.net/jdk/pull/7065
