On 3/12/19 1:12 PM, Xuelei Fan wrote:
On 3/12/2019 6:05 AM, Sean Mullan wrote:
Looks good, but a couple of comments:
In the Solution section, it says: "Applications can change the
behavior with the existing SSLParameters.setUseCipherSuitesOrder()
method."
I think you should be more clear that this means applications can
change the order of the server's preferred cipher suites. There will
be no way to go back to the previous behavior where the client's order
is respected.
If a server calls SSLParameters.setUseCipherSuitesOrder(false), the
client's order is respected.
Oh, ok, I retract my comment then. When I read this, I had
misinterpreted this to be the method that you use to set the enabled suites.
--Sean
Same comment in the proposed Release Note, although I don't think this
section needs to be in the CSR, does it?
It's not a required part of the CSR. I use this section to have the
release note reviewed as well. I will remove this section as it is a
kind of duplication of the release-note entry.
Thanks,
Xuelei
--Sean
On 2/25/19 12:36 PM, Xuelei Fan wrote:
Hi,
Could I have the following CSR reviewed?
https://bugs.openjdk.java.net/browse/JDK-8219657
It is proposing to use server cipher suite preference by default for
TLS connections in JDK. In the current implementation, the server
honors the client cipher suite preference by default. It is easier to
maintain if using the server cipher suite preference, and then the
server can have more control over the security parameters of TLS
connections.
I think the compatibility impact should be minimal. If there is a
known risk for you, please let me know by the end of March 4, 2019.
Thanks,
Xuelei