Re: RFR: 8061798: Add support for TLS_FALLBACK_SCSV

2015-02-03 Thread Florian Weimer
On 02/03/2015 03:18 PM, Xuelei Fan wrote: > On 1/29/2015 5:59 PM, Florian Weimer wrote: >> On 01/29/2015 04:39 AM, Xuelei Fan wrote: >>> Hi Florian, >>> >>> Thanks for contribute this patch to OpenJDK. >>> >>> The draft of TLS_FALLBACK_SCSV is moving pretty fast. Would you mind >>> wait for the in

Re: RFR: 8061798: Add support for TLS_FALLBACK_SCSV

2015-02-03 Thread Xuelei Fan
On 1/29/2015 5:59 PM, Florian Weimer wrote: > On 01/29/2015 04:39 AM, Xuelei Fan wrote: >> Hi Florian, >> >> Thanks for contribute this patch to OpenJDK. >> >> The draft of TLS_FALLBACK_SCSV is moving pretty fast. Would you mind >> wait for the integration until it becomes an official RFC in order

Re: RFR: 8061798: Add support for TLS_FALLBACK_SCSV

2015-01-29 Thread Florian Weimer
On 01/29/2015 04:39 AM, Xuelei Fan wrote: > Hi Florian, > > Thanks for contribute this patch to OpenJDK. > > The draft of TLS_FALLBACK_SCSV is moving pretty fast. Would you mind > wait for the integration until it becomes an official RFC in order to > mitigate the potential compatibility impact?

Re: RFR: 8061798: Add support for TLS_FALLBACK_SCSV

2015-01-28 Thread Xuelei Fan
Hi Florian, Thanks for contribute this patch to OpenJDK. The draft of TLS_FALLBACK_SCSV is moving pretty fast. Would you mind wait for the integration until it becomes an official RFC in order to mitigate the potential compatibility impact? I looked back the approach we used to support TLS_EMPT

RFR: 8061798: Add support for TLS_FALLBACK_SCSV

2015-01-26 Thread Florian Weimer
I have rebased the TLS_FALLBACK_SCSV implementation I submitted in October 2014 to the current jdk9-dev tree: The test uses an expired X.509 certificate (which was already part of the test suite), but this is harmless. TLS_FALLBACK_SCSV