On 6/14/2013 9:39 AM, Weijun Wang wrote:
> What is this for?
>
> state != HandshakeMessage.ht_hello_request
>
It is to allow server initialized renegotiation. If the server wants a renegotiation, it may send a HelloRequest message, and then the client may respond with a ClientHello message. We should allow server initialized renegotiation. This is a filter in order to ignore server initialized renegotiation.

Xuelei

> -Max
>
> On 6/13/13 5:05 PM, Xuelei Fan wrote:
>> Ping again.
>>
>> The new system property name is "jdk.tls.rejectClientInitializedRenego".
>> webrev: http://cr.openjdk.java.net/~xuelei/7188658/webrev.01/
>>
>> Thanks,
>> Xuelei
>>
>> On 5/29/2013 11:43 PM, Xuelei Fan wrote:
>>> A new system property, "jsse.rejectClientInitializedRenego", is introduced to reject client initialized renegotiation on the server side. If the system property is set to "true", the server side should not accept client initialized renegotiation, and is expected to fail with a fatal handshake_failure alert if it receives a client initialized renegotiation request.
>>>
>>> The default value of the system property is "false".
>>>
>>> It is expected that other JSSE providers also comply with this specification. The usage of the system property on the client side is not defined.
>>>
>>> In the long run, the industry should move forward to secure renegotiation. So we will not consider supporting this enhancement with a new Java class or method.
>>>
>>> Xuelei
>>>
>>> On 5/29/2013 11:39 PM, Xuelei Fan wrote:
>>>> Hi,
>>>>
>>>> This fix is an enhancement to add the ability in the JSSE server side to reject client initialized renegotiation.
>>>>
>>>> webrev: http://cr.openjdk.java.net/~xuelei/7188658/webrev.00/
>>>>
>>>> Thanks,
>>>> Xuelei
>>>>
>>>
>>
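The server-side filter discussed in this thread, modelled as an added example (this is not JDK code; the class, method and constant names are hypothetical, and only the property name "jdk.tls.rejectClientInitializedRenego" comes from the thread). It shows why a ClientHello that follows a server-sent HelloRequest must pass while a bare ClientHello on an established session is rejected when the property is "true":

```java
// Hypothetical model of the JSSE server-side renegotiation filter; not the JDK's own code.
public final class RenegoFilter {
    // TLS HandshakeType values (RFC 5246): HelloRequest = 0, ClientHello = 1.
    static final int HT_HELLO_REQUEST = 0;
    static final int HT_CLIENT_HELLO  = 1;

    enum Decision {
        INITIAL_HANDSHAKE,          // first handshake on the connection, always allowed
        SERVER_INITIATED_RENEGO,    // ClientHello answering our own HelloRequest, allowed
        CLIENT_INITIATED_RENEGO,    // unsolicited ClientHello, allowed when property is false
        REJECT_HANDSHAKE_FAILURE    // unsolicited ClientHello, property is true: fatal alert
    }

    // Read once at construction; the property defaults to "false" (see the thread).
    private final boolean rejectClientInitiated =
            Boolean.getBoolean("jdk.tls.rejectClientInitializedRenego");

    private boolean sessionEstablished = false;
    private int lastSentHandshakeType = -1;

    // The server decided to renegotiate and sent a HelloRequest to the client.
    void serverSentHelloRequest() { lastSentHandshakeType = HT_HELLO_REQUEST; }

    // A full handshake finished; the session is now established.
    void handshakeCompleted() { sessionEstablished = true; lastSentHandshakeType = -1; }

    // Called when a ClientHello arrives. Mirrors the "state != ht_hello_request" check:
    // only a ClientHello that does NOT follow our HelloRequest counts as client initiated.
    Decision onClientHello() {
        if (!sessionEstablished) {
            return Decision.INITIAL_HANDSHAKE;
        }
        if (lastSentHandshakeType == HT_HELLO_REQUEST) {
            lastSentHandshakeType = HT_CLIENT_HELLO;
            return Decision.SERVER_INITIATED_RENEGO;
        }
        return rejectClientInitiated
                ? Decision.REJECT_HANDSHAKE_FAILURE
                : Decision.CLIENT_INITIATED_RENEGO;
    }

    public static void main(String[] args) {
        System.setProperty("jdk.tls.rejectClientInitializedRenego", "true");
        RenegoFilter filter = new RenegoFilter();
        System.out.println("first ClientHello:          " + filter.onClientHello());
        filter.handshakeCompleted();
        filter.serverSentHelloRequest();
        System.out.println("after our HelloRequest:     " + filter.onClientHello());
        filter.handshakeCompleted();
        System.out.println("unsolicited on live session: " + filter.onClientHello());
    }
}
```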