March 4, 2021 12:57 PM
> *To:* jdk-...@openjdk.java.net
> *Subject:* TLS 1.3 Post-handshake authentication
>
> Hi,
>
> I noticed the following issue was recently closed:
>
> https://bugs.openjdk.java.net/browse/JDK-8206923
>
> For the Servlet spec this is however a very
Hi,
On Fri, Mar 5, 2021 at 5:21 PM Xue-Lei Fan wrote:
> Thanks for the detailed information. I have a better sense of the
> scenarios now. What about HTTP/2? Will the business logic
> or scenarios get changed for HTTP/2? Could the change apply to HTTP/1.1 as
> well?
>
For HTTP/2 we'll have t
Thanks for the detailed information. I have a better sense of the scenarios
now. What about HTTP/2? Will the business logic or scenarios get changed for
HTTP/2? Could the change apply to HTTP/1.1 as well?
Xuelei
On Mar 5, 2021, at 5:43 AM, arjan tijms <arjan.ti...@gmail.com> wrote:
Hi,
On Fri, Mar 5, 2021 at 2:05 AM Xue-Lei Fan wrote:
> Does it mean that when switching to HTTP/2, the concern is not valid any
> longer? Or there is an alternative solution? Sorry for the questions, I
> know little about servlet. I'm trying to understand the requirement of
> this feature.
>
M
Sent: Thursday, March 4, 2021 2:08 PM
To: Xue-Lei Fan
Cc: security-dev@openjdk.java.net
Subject: [External] : Re: TLS 1.3 Post-handshake authentication
Hi,
On Thu, Mar 4, 2021 at 10:48 PM Xue-Lei Fan <xuelei@oracle.com> wrote:
Hi Arjan,
Did you have a chance to read RFC
Hi,
On Thu, Mar 4, 2021 at 10:48 PM Xue-Lei Fan wrote:
> Did you have a chance to read RFC 8740? Post-Handshake authentication in
> HTTP/2 is not allowed for TLS 1.3. Is there a concern for the use case you
> mentioned?
>
Servlet supports both HTTP/1.1 and HTTP/2. The concern here is for
HTTP
To: jdk-...@openjdk.java.net
Subject: TLS 1.3 Post-handshake authentication
Hi,
I noticed the following issue was recently closed:
https://bugs.openjdk.java.net/browse/JDK-8206923
For the Servlet spec this is however a very important feature, to the point
that for the Servlet TCK we would need