Hi Simone,

There is no change for the SSLSocket.startHandshake() and SSLEngine.beginHandshake() specification. They can be used for a new handshake and key update.

We want the specification to be independent from TLS versions as much as possible. An application developer only needs to know the functionalities, but not necessarily to understand the TLS protocol details.

For TLS 1.2 and prior versions, the key update is performed with renegotiation; for TLS 1.3, it is the KeyUpdate post-handshake.

Thanks,
Xuelei

On 8/27/2018 2:37 AM, Simone Bordet wrote:
Hi,

SSLSocket.startHandshake() and SSLEngine.beginHandshake() are similar
in that they start the TLS handshake, but they can also be used after
the TLS handshake.

SSLSocket.startHandshake() Javadoc seems to be more generic,
describing that the method may not only start a new handshake but also
be used to update encryption keys etc.

Especially in light of TLS 1.3 where renegotiation is forbidden, I
would like the Javadoc of these methods to align and describe exactly
what they do with respect to the TLS protocol version.

Thanks!
