Hi, i looked at the patch files looks OK for me too. Since i also implemented it i can tel the server part ist ok.
Once think i found maybe an optimisation: instead of mesg.protocolVersion.compareTo(getActiveProtocols().max) < 0 maybe use mesg.protocolVersion.v < getActiveProtocols().max.v in the server handshaker. Gruß Thomas On 06.05.2015 15:42, Florian Weimer wrote: > On 05/06/2015 01:42 AM, Xuelei Fan wrote: >> As additional APIs are strongly desired, what do you think to make the >> API more general and easy to use? For example, using the name: >> >> SSLParameters.setUseFallbackMode(boolean isFallback) >> boolean SSLParameters.getuseFallbackMode() >> >> We can implement more for this parameters if need to take care of >> additional more problems during fallback negotiation. Instinctively, >> developers and code reviewers would not call this APIs unless this is a >> real fallback negotiation, I think. > Sounds reasonable. I have add an @implNote mentioning that the default > provider sends TLS_FALLBACK_SCSV. > > <http://cr.openjdk.java.net/~fweimer/8061798/webrev.01/> > > There are now additional tests which explicitly verify the cipher suite > list sent by the client. >
