JEP Review Request: TLS Application-Layer Protocol Negotiation Extension

[Bradford Wetmore]

The draft JEP “TLS Application-Layer Protocol Negotiation Extension” is 
now available for community review:


   https://bugs.openjdk.java.net/browse/JDK-8051498

This JEP is to add support for the Application Layer Protocol 
Negotiation (ALPN) TLS Hello extension [1] in JSSE. ALPN provides a 
mechanism for declaring the application protocols that are supported 
over a TLS connection.


We need this functionality to make JDK 9, so this JEP needs to get into 
the JEP pipeline soon.  Community review is a precursor in the process 
before it can move to "Submitted."


For now, there is a simple API proposed (similar to JDK 8 SNI), but I'm 
parsing the discussions that took place on security-dev in August[2], 
September[3], and November 2014[4], and the current API is likely not 
flexible enough.


Thanks,

Brad

[1] http://www.rfc-editor.org/rfc/rfc7301.txt

[2] 
http://mail.openjdk.java.net/pipermail/security-dev/2014-August/thread.html
[3] 
http://mail.openjdk.java.net/pipermail/security-dev/2014-September/thread.html


Subject: TLS extensions API, ALPN and HTTP 2.0

[4] 
http://mail.openjdk.java.net/pipermail/security-dev/2014-November/thread.html


Subject: ALPN API Proposal
Subject: A fully fledged TLS Extensions API ?
Subject: ALPN & HTTP2

RFR 8071643: sun.security.krb5.KrbApReq.authenticate() is not thread safe

[Weijun Wang]

Hi All

Please review the code change at

  http://cr.openjdk.java.net/~weijun/8071643/webrev.00/

The static field is removed and a local MessageDigest is used. The 
getInstance() method might spend some time but since there are already 
quite some cipher and checksum operations during an AP-REQ receive, this 
change does not make much difference.


No reg, could be -hard and -trivial.

Thanks
Max