Xuelei,
On 30/10/18 20:55, Xuelei Fan wrote:
Hi,
For the current HttpsURLConnection, there is not much security
parameters exposed in the public APIs. An application may need richer
information for the underlying TLS connections, for example the
negotiated TLS protocol version.
Please let me know if you have concerns to add a new method
HttpsURLConnection.getSSLSession() and deprecate the duplicated methods,
by the end of Nov. 2, 2018.
Here is the proposal:
https://bugs.openjdk.java.net/browse/JDK-8213161
Thanks,
Xuelei
The new method looks fine.
On the deprecation, minimally the annotation should contain
the "since" element, which will have a value of `12`.
Also, I wonder, now that I see the spec, whether or not it is
actually a good idea to deprecate these methods. The reason
I ask this is that the new method, getSSLSession, can throw
UOE, which effectively makes it an optional method. Access
to the specific security parameters provided by the existing
methods is non-optional. This is a clear difference, and
possibly a reason, for folk not interested in the "new"
parameters, to continue to use the existing methods.
-Chris
