On Fri, 11 Dec 2020 23:20:34 GMT, Xue-Lei Andrew Fan <xue...@openjdk.org> wrote:
> The TLS protocols are designed to tolerate unknown TLS extensions. However,
> although it is not common, there are a few TLS implementations that cannot
> handle unknown extensions properly. This results in unexpected interoperability
> issues when new extensions are introduced in JDK. The interoperability impact
> could be mitigated if applications can customize the extensions if needed.
>
> With this update, two system properties are added to configure the default
> extensions in either client or server side of TLS connections. Please note
> that the impact of blocking TLS extensions is complicated. For example, a
> TLS connection may not be able to be established if a mandatory extension is
> blocked. Please don't use this feature unless you clearly understand the
> impact.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8217633
> CSR: https://bugs.openjdk.java.net/browse/JDK-8217993

Changes requested by rhalade (Reviewer).

test/jdk/sun/security/ssl/SSLSocketImpl/BlockedExtension.java line 2:

> 1: /*
> 2:  * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.

Suggestion:

 * Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.

test/jdk/sun/security/ssl/SSLSocketImpl/BlockedExtension.java line 62:

> 60:         } catch (SSLException | IllegalStateException ssle) {
> 61:             if (shouldSuccess) {
> 62:                 throw new Exception(

Suggestion:

                throw new RuntimeException(

test/jdk/sun/security/ssl/SSLSocketImpl/BlockedExtension.java line 70:

> 68:
> 69:         if (!shouldSuccess) {
> 70:             throw new Exception(

Suggestion:

            throw new RuntimeException(

-------------

PR: https://git.openjdk.java.net/jdk/pull/1752
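The PR description above warns that blocking an extension can silently break handshakes, but it does not show how to see which extensions a JDK client actually puts on the wire. The following is an added example, not code from the PR or from the JDK test it reviews: it drives a client-mode SSLEngine just far enough to emit its ClientHello (no network I/O), then walks the record with a small hand-written parser and lists the extension type codes. The parser and the name table are this example's own. The property name `jdk.tls.client.disableExtensions` is an assumption here: the page does not name the two properties it adds, and the name used is the one the change later shipped under. Run the class once with no property and once with, for example, `-Djdk.tls.client.disableExtensions=extended_master_secret,session_ticket` and diff the two listings; do not expect it to tell you whether a given server will still accept the reduced hello.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

/**
 * Emits the ClientHello of a client-mode SSLEngine without any peer and
 * parses the extension list out of it. Hypothetical helper written for
 * this example; it is not part of the JDK test suite.
 */
public class ClientHelloExtensions {

    // IANA TLS ExtensionType values, for readable output only.
    private static final Map<Integer, String> NAMES = Map.ofEntries(
        Map.entry(0, "server_name"),
        Map.entry(5, "status_request"),
        Map.entry(10, "supported_groups"),
        Map.entry(11, "ec_point_formats"),
        Map.entry(13, "signature_algorithms"),
        Map.entry(16, "application_layer_protocol_negotiation"),
        Map.entry(23, "extended_master_secret"),
        Map.entry(35, "session_ticket"),
        Map.entry(43, "supported_versions"),
        Map.entry(45, "psk_key_exchange_modes"),
        Map.entry(50, "signature_algorithms_cert"),
        Map.entry(51, "key_share"),
        Map.entry(0xff01, "renegotiation_info"));

    /** First client flight: one TLS record carrying the ClientHello. */
    static ByteBuffer produceClientHello() throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // Host name is only used for SNI; nothing is contacted.
        SSLEngine engine = ctx.createSSLEngine("example.com", 443);
        engine.setUseClientMode(true);
        engine.beginHandshake();
        ByteBuffer app = ByteBuffer.allocate(0);
        ByteBuffer net = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        SSLEngineResult r = engine.wrap(app, net);
        if (r.getStatus() != SSLEngineResult.Status.OK) {
            throw new IllegalStateException("unexpected wrap status: " + r.getStatus());
        }
        net.flip();
        return net;
    }

    /** Returns the extension type codes of the ClientHello in the first record. */
    static List<Integer> parseExtensionTypes(ByteBuffer rec) {
        int contentType = rec.get() & 0xff;            // 22 = handshake
        rec.getShort();                                 // record-layer version, ignored
        int recLen = rec.getShort() & 0xffff;
        if (contentType != 22) throw new IllegalArgumentException("not a handshake record");
        ByteBuffer hs = rec.slice();
        hs.limit(recLen);
        int hsType = hs.get() & 0xff;                   // 1 = client_hello
        if (hsType != 1) throw new IllegalArgumentException("not a ClientHello");
        hs.position(hs.position() + 3);                 // 24-bit handshake body length
        hs.getShort();                                  // legacy_version
        hs.position(hs.position() + 32);                // random
        int sidLen = hs.get() & 0xff;                   // legacy_session_id
        hs.position(hs.position() + sidLen);
        int csLen = hs.getShort() & 0xffff;             // cipher_suites
        hs.position(hs.position() + csLen);
        int cmLen = hs.get() & 0xff;                    // legacy_compression_methods
        hs.position(hs.position() + cmLen);
        List<Integer> types = new ArrayList<>();
        if (!hs.hasRemaining()) return types;           // extensions block is optional
        int extLen = hs.getShort() & 0xffff;
        int end = hs.position() + extLen;
        while (hs.position() < end) {
            int type = hs.getShort() & 0xffff;
            int len = hs.getShort() & 0xffff;
            hs.position(hs.position() + len);           // skip extension_data
            types.add(type);
        }
        return types;
    }

    public static void main(String[] args) throws Exception {
        // Assumed property name; read here only to label the run.
        String disabled = System.getProperty("jdk.tls.client.disableExtensions", "<unset>");
        System.out.println("jdk.tls.client.disableExtensions = " + disabled);
        for (int t : parseExtensionTypes(produceClientHello())) {
            System.out.printf("  %5d (0x%04x) %s%n", t, t, NAMES.getOrDefault(t, "?"));
        }
    }
}
```

The property is read when the JSSE provider initialises, so it must be passed on the command line (or set before the first SSLContext use) rather than toggled inside one JVM; comparing two runs is the reliable approach. The same parsing idea applies to the server side by capturing the ServerHello from a server-mode engine, but that needs a peer's ClientHello to respond to, so it is left out here.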