Hi Thomas,
After reviewing a lot of the back mail and the desires expressed, I have
two orthogonal proposals to make.
The first (next email) is an ALPN-specific API using a simple callback
selector which I think addresses most of the protocol selection concerns.
The second (below) is a mor
Hi,
1) There are two types of extensions:
a) That modify the directly how the engine works like
[max_fragment_length,heartbeat,encrypt_then_mac,extended_master_secret,SessionTicket,...]
b) That provide information (modify the network protocol) like
[npn,alpn,status_request,...]
2) Some of the exti
/bugs.openjdk.java.net/browse/JDK-8046321
JEP 249: OCSP Stapling for TLS
[3] https://bugs.openjdk.java.net/browse/JDK-8051498
JEP 244: TLS Application-Layer Protocol Negotiation Extension
[4] https://technotes.googlecode.com/git/nextprotoneg.html
On 4/13/2015 8:02 PM, Xuelei Fan wrote:
Thanks
I see. I filed a new bug:
https://bugs.openjdk.java.net/browse/JDK-8077806
Thanks for looking into this issue.
Xuelei
On 4/15/2015 12:25 AM, Thomas Lußnig wrote:
> Hi,
>
> the point is simple. The description for the code say that TLSv1.2
> should not have an valid PRF.
> But for example SSL
Hi,
the point is simple. The description for the code say that TLSv1.2
should not have an valid PRF.
But for example SSL_DH_anon_WITH_DES_CBC_SHA which is obsoleted in TLSv1.2.
But since obsoleted is set to TLSv1.2 the code part:
if (obsoleted < ProtocolVersion.TLS12.v) { prf = P_NONE; }
Does no
Hi,
the point is simple. The description for the code say that TLSv1.2
should not have an valid PRF.
But for example SSL_DH_anon_WITH_DES_CBC_SHA which is obsoleted in TLSv1.2.
But since obsoleted is set to TLSv1.2 the code part:
if (obsoleted < ProtocolVersion.TLS12.v) { prf = P_NONE; }
Does no
Thanks for the proposal.
A general TLS/DTLS extension API and pluginable extension implementation
is a good idea. But as there is no rules about how an extension may
impact the handshake flow, it is not easy to define a general APIs for
all existing known or unknown extensions and future extensio
On 4/14/2015 2:25 AM, Thomas Lußnig wrote:
> Hi,
>
> i checked the CipherSuites in JDK and found that in the JDK there is and
> mistake i think.
> In CipherSuite the method add set the PRF to NONE only if obsoleted less
> than TLSv1.2.
> But if the suite is forbidden / obsoleted in TLSv1.2 the che
On 10.04.2015 00:36, mark.reinh...@oracle.com wrote:
> New JEP Candidate: http://openjdk.java.net/jeps/244
>
> - Mark
Hi,
would it not be an great idea to combine all these new extensions to an
generic way how to handle the SSL Protocol Handshake ?
JEPS-244 ALPN
http://openjdk.java.net/jeps/80463
Hi,
i checked the CipherSuites in JDK and found that in the JDK there is and
mistake i think.
In CipherSuite the method add set the PRF to NONE only if obsoleted less
than TLSv1.2.
But if the suite is forbidden / obsoleted in TLSv1.2 the check must be
<= (less or equal)
if i am correct.
http://gr
Hi,
this could be an interface for such an Callback.
It allow hello extensions as well as handshake extensions.
If it would be really clean we would have an handler for:
- NPN
- ALPN
- Channel ID
- ZertificateSignature
- OCSP-Stapling
- ServerName
- Session Ticket
The handler could be also used f
Hi,
On Mon, Apr 13, 2015 at 6:22 PM, David M. Lloyd wrote:
> Do you know of a Java TLS implementation that has APIs like this already? I
> am also interested in this for the ability to implement authentication
> mechanisms (GSSAPI and SASL) that rely on channel binding, so I would like
> to see
On 04/13/2015 09:58 AM, Thomas Lußnig wrote:
On 10.04.2015 00:36, mark.reinh...@oracle.com wrote:
New JEP Candidate: http://openjdk.java.net/jeps/244
- Mark
Hi,
would it not be an great idea to combine all these new extensions to an
generic way how to handle the SSL Protocol Handshake ?
Do
On 10.04.2015 00:36, mark.reinh...@oracle.com wrote:
> New JEP Candidate: http://openjdk.java.net/jeps/244
>
> - Mark
Hi,
would it not be an great idea to combine all these new extensions to an
generic way how to handle the SSL Protocol Handshake ?
JEPS-244 ALPN
http://openjdk.java.net/jeps/8046
14 matches
Mail list logo
