On 08/28/2013 11:02 AM, Xuelei Fan wrote:
Hi,
Please review this update to support cipher suites reorder:
webrev: http://cr.openjdk.java.net/~xuelei/7188657/webrev.00/
Two new methods are added to SSLParameters:
public final void setUseCipherSuitesOrder(boolean honorOrder);
public final boolean getUseCipherSuitesOrder();
If SSLParameters.getUseCipherSuitesOrder() return true, the local cipher
suites order returned in SSLParameters.getCipherSuites() should be
honored during SSL/TLS handshaking.
The documentation should say this parameter only applies to the server
side because that's the party that picks the cipher suite.
I wonder if an enum (with members LOCAL and PEER, and perhaps
UNSPECIFIED) would be more appropriate than a boolean flag.
--
Florian Weimer / Red Hat Product Security Team
