On Fri, 11 Dec 2020 23:20:34 GMT, Xue-Lei Andrew Fan <xue...@openjdk.org> wrote:
> The TLS protocols are designed to tolerant unknown TLS extensions. However, > although it is not common, there are a few TLS implementations that cannot > handle unknown extensions properly. As results in unexpected interoperability > issue when new extensions are introduced in JDK. The interoperability impact > could be mitigated If applications can customize the extensions if needed. > > With this update, two system properties are added to configure the default > extensions in either client or server side of TLS connections. Please note > that the impact of blocking TLS extensions is complicated. For example, a > TLS connection may not be able to established if a mandatory extension is > blocked. Please don't use this feature unless you clearly understand the > impact. > > Bug: https://bugs.openjdk.java.net/browse/JDK-8217633 > CSR: https://bugs.openjdk.java.net/browse/JDK-8217993 Where will the new properties be documented? In the CSR, it may be worth mentioning that the extension names are case sensitive. ------------- PR: https://git.openjdk.java.net/jdk/pull/1752
