On 05/06/2015 01:42 AM, Xuelei Fan wrote: > As additional APIs are strongly desired, what do you think to make the > API more general and easy to use? For example, using the name: > > SSLParameters.setUseFallbackMode(boolean isFallback) > boolean SSLParameters.getuseFallbackMode() > > We can implement more for this parameters if need to take care of > additional more problems during fallback negotiation. Instinctively, > developers and code reviewers would not call this APIs unless this is a > real fallback negotiation, I think.
Sounds reasonable. I have add an @implNote mentioning that the default provider sends TLS_FALLBACK_SCSV. <http://cr.openjdk.java.net/~fweimer/8061798/webrev.01/> There are now additional tests which explicitly verify the cipher suite list sent by the client. -- Florian Weimer / Red Hat Product Security
