I see. The code change looks fine then.

Thanks
Max


On 6/14/13 9:45 AM, Xuelei Fan wrote:
On 6/14/2013 9:39 AM, Weijun Wang wrote:
What is this for?

    state != HandshakeMessage.ht_hello_request

It is to allow server initialized renegotiation.  If the server wants a
renegotiation, it may send a HelloRequest message, and then the client
may respond with a ClientHello message.  We should allow server
initialized renegotiation.  This is a filter in order to ignore server
initialized renegotiation.

Xuelei

-Max

On 6/13/13 5:05 PM, Xuelei Fan wrote:
Ping again.

The new system property name is "jdk.tls.rejectClientInitializedRenego".
webrev: http://cr.openjdk.java.net/~xuelei/7188658/webrev.01/

Thanks,
Xuelei

On 5/29/2013 11:43 PM, Xuelei Fan wrote:
A new system property, "jsse.rejectClientInitializedRenego", is
introduced to reject client initialized renegotiation on the server side.
If the system property is set to "true", the server side should not accept
client initialized renegotiation, and is expected to fail with a fatal
handshake_failure alert if it receives a client initialized renegotiation
request.

The default value of the system property is "false".

It is expected that other JSSE providers also comply with this
specification. The usage of the system property on the client side is not
defined.

In the long run, the industry should move forward to secure
renegotiation.  So we will not consider supporting this enhancement with
a new Java class or method.

Xuelei

On 5/29/2013 11:39 PM, Xuelei Fan wrote:
Hi,

This fix is an enhancement to add the ability on the JSSE server side to
reject client initialized renegotiation.

webrev: http://cr.openjdk.java.net/~xuelei/7188658/webrev.00/

Thanks,
Xuelei
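The decision described in this thread, modelled as an added example (not code from the thread or from the JDK): a server-side guard that rejects a ClientHello arriving after a completed handshake when the property is "true", unless the server itself sent a HelloRequest. The class name ServerRenegoGuard, the event encoding and the use of Finished as the end-of-handshake marker are assumptions of this model.

```python
# Handshake message types used by this model (constructed values,
# not the JDK's HandshakeMessage.ht_* constants).
HT_HELLO_REQUEST = "hello_request"
HT_CLIENT_HELLO = "client_hello"
HT_FINISHED = "finished"

ACCEPT = "accept"
FATAL_HANDSHAKE_FAILURE = "fatal handshake_failure"


class ServerRenegoGuard:
    """Server-side view of whether a ClientHello may be accepted."""

    def __init__(self, reject_client_initialized=False):
        # Models jdk.tls.rejectClientInitializedRenego; default is "false".
        self.reject_client_initialized = reject_client_initialized
        self.handshake_complete = False  # a handshake has already finished
        self.last_sent = None            # last handshake message the server sent

    def on_send(self, ht):
        # Remember what we sent; a HelloRequest marks server-initiated renego.
        self.last_sent = ht
        return ACCEPT

    def on_receive(self, ht):
        if ht == HT_CLIENT_HELLO and self.handshake_complete:
            # This is a renegotiation, not the initial handshake.
            server_initiated = self.last_sent == HT_HELLO_REQUEST
            if self.reject_client_initialized and not server_initiated:
                return FATAL_HANDSHAKE_FAILURE
        if ht == HT_FINISHED:
            self.handshake_complete = True
        # Any message other than our own HelloRequest resets the marker.
        self.last_sent = None
        return ACCEPT


def run(reject_client_initialized, events):
    """Feed ('send'|'recv', ht) events to a guard; return outcomes."""
    guard = ServerRenegoGuard(reject_client_initialized)
    return [
        guard.on_send(ht) if direction == "send" else guard.on_receive(ht)
        for direction, ht in events
    ]
```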
