> As described in the bug, by connecting the SSLEngine with a misbehaving peer
> SSL implementation, it can get into a state where it calling `wrap` reports
> getStatus == OK, getHandshakeStatus === NEED_WRAP but still doesn't produce
> any further output. It happens when the output bound is
Hi Lim and Ron,
Some information about JFR that can be pertinent to this discussion:
JFR is flexible when it comes to control, with many entry points: command-line,
jcmd, JMX, and programmatically via the Java API which I think is relevant for
your use case [1] [2].
There is currently no
On Thu, 3 Dec 2020 23:44:20 GMT, Magnus Ihse Bursie wrote:
> A lot (but not all) of the data in make/data is tied to a specific module.
> For instance, the publicsuffixlist is used by java.base, and fontconfig by
> java.desktop. (A few directories, like mainmanifest, is *actually* used by
>
On Tue, 20 Apr 2021 11:54:39 GMT, Sean Coffey wrote:
> Trivial enough change. Improved the exception thrown from JceKeyStore also.
src/java.base/share/classes/sun/security/provider/JavaKeyStore.java line 290:
> 288:
> 289: // Protect the encoding of the key
> 290:
P.S.
In your hypothetical scenario you’re treating the library as untrusted code. In
that
case, even today Security Manager is not the best option because correctly
creating
a sandbox that is both hermetically secure against *untrusted* code (i.e.
possibly malicious)
and allows it to use a
Using JFR does not require that command-line option; it’s required only for
specific kinds
of use. Its current events might be not have everything you want, but will be
expanded, in
part to address the functionality that will be lost with the removal of
Security Manager. And
yes, I believe it
> Monitoring network connections can be done with JFR. It will tell you which
> classes
> perform the connections. It does not require a Java agent.
Hi Ron, I read about the JFR and it required a command line argument
"-XX:StartFlightRecording" and it is not suitable since it is
distributed to
Monitoring network connections can be done with JFR. It will tell you which
classes
perform the connections. It does not require a Java agent.
Setting up the SM to *block* connections while also not allowing those
libraries to
disable the SM is not very easy. Those libraries are trusted, and
