Ping again. The new system property name is "jdk.tls.rejectClientInitializedRenego". webrev: http://cr.openjdk.java.net/~xuelei/7188658/webrev.01/
Thanks, Xuelei On 5/29/2013 11:43 PM, Xuelei Fan wrote: > A new system property, "jsse.rejectClientInitializedRenego", is > introduced to reject client initialized renegotiation in server side. > If the system property is set to "true", server side should not accept > client initialized renegotiation, and is expected to fail with a fatal > handshake_failure alert if receiving client initialized renegotiation > request. > > The default value of the system property is "false". > > It is expected that other JSSE providers also comply to this > specification. The usage of the system property in client side is not > defined. > >>From the long run, the industry should move forward to secure > renegotiation. So we will not consider to support this enhancement with > new Java class or method. > > Xuelei > > On 5/29/2013 11:39 PM, Xuelei Fan wrote: >> Hi, >> >> This fix is an enhancement to add the ability in JSSE server side to >> reject client initialized renegotiation. >> >> webrev: http://cr.openjdk.java.net/~xuelei/7188658/webrev.00/ >> >> Thanks, >> Xuelei >> >
