On Mon, 25 Jan 2021 22:27:25 GMT, Rajan Halade <rhal...@openjdk.org> wrote:
>> Xue-Lei Andrew Fan has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Update copyright years to 2021 > > Marked as reviewed by rhalade (Reviewer). Hi Bernd, I agree with you that System property is not as useful to configure individual connections. It is mostly used for corner cases that have interoperability or compatibility issues. A general program should use APIs and the default system properties. > _Mailing list message from [Bernd Eckenfels](mailto:e...@zusammenkunft.net) > on [security-dev](mailto:security-dev@openjdk.java.net):_ > > Hello, > > I wanted to mention again, that all those System property configurations are > good, especially to resolve the update pains, but not really useful if you > want to make configurations on a per-connection base. If you have to support > multiple partners it can be a real pain to setup a common feature set or > multiple instances. For this a generic feature setter for the context would > be really useful. Most prominent recent example is the ca-extension, which > only really makes sense if you also did programmatically configure a small > list of trusted CAs. > Yes, ca-extension is an item I was thinking of to support in JDK. > I also think it would overall clean up the code and give a good place for > Javadoc all those options. > Not to mention the default could be tied to a few new context names. > Currently, the system properties are documented in the JSSE Reference Guides. But just as you know, it is as easy to follow. I agree with you that it would be nice to have better place to have them all together. Thank you for the review. Regards, Xuelei > Gruss > Bernd > -- > http://bernd.eckenfels.net ------------- PR: https://git.openjdk.java.net/jdk/pull/1752
