Bug ID: 6976117 SSLContext.getInstance("TLSv1.1") returns SSLEngines/SSLSockets without TLSv1.1 enabled

Details
Type: Bug
Submit Date: 2010-08-11
Status: Closed
Updated Date: 2011-06-22
Project Name: JDK
Resolved Date: 2011-06-22
Component: security-libs
OS: generic
Sub-Component: javax.net.ssl
CPU: generic
Priority: P3
Resolution: Fixed
Affected Versions: 1.4.0,7
Fixed Versions: 7

Related Reports
Duplicate:
Relates:
Relates:
Relates:

Sub Tasks

Description
This is a problem which we should address in TLS 1.2, but applies to 1.1.

If an app wants to be a *CLIENT* and calls:

    SSLContext.getInstance("TLSv1.1");

we're currently going to be returning an instance which won't have TLSv1.1 enabled by default.  While technically ok by the Javadoc, I think we need to change that or we're going to have some surprised developers.

Probably the easiest is to extend SSLContextImpl with SSLv3, TLS1, TLSv1.1, and TLSv1.2 variants:

    public class TLSv11ContextImpl extends SSLContextImpl {

and then update SunJSSE to recognize it:

        put("SSLContext.TLSv1.1",
            "sun.security.ssl.TLSv11ContextImpl");

Then on creation of the SSLContextImpl, we enable the protocol by default.

    return new SSLSocketFactoryImpl(this,
        new String[] { "TLSv1.1", /* ...other suitable defaults... */ });

Need to integrate the update of CR 4619276 with this (to add a getDefaultProtocols/getSupportedProtocols to factories).
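
A client-side check for the behavior described above, as an added example that is not part of the original report or the JDK sources: it prints which protocols an engine from `SSLContext.getInstance(name)` enables by default, then pins the engine to that one version explicitly instead of relying on the context name. The class name `PinProtocol`, the `clientEngine` helper and the `TLSv1.2` default argument are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.Arrays;
import java.util.List;

// Illustrative class, not JDK code. Uses only the public javax.net.ssl API.
public class PinProtocol {

    /**
     * Returns a client-mode SSLEngine restricted to exactly one protocol
     * version. Fails closed if the provider does not support that version.
     */
    static SSLEngine clientEngine(String protocol) throws Exception {
        SSLContext ctx = SSLContext.getInstance(protocol);
        ctx.init(null, null, null); // default key managers, trust managers, RNG

        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);

        // The context name alone does not guarantee this list contains it.
        System.out.println("default enabled: "
                + Arrays.toString(engine.getEnabledProtocols()));

        List<String> supported = Arrays.asList(engine.getSupportedProtocols());
        if (!supported.contains(protocol)) {
            throw new IllegalStateException(
                    protocol + " is not supported by " + ctx.getProvider());
        }

        // Pin the version explicitly rather than trusting the defaults.
        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(new String[] { protocol });
        engine.setSSLParameters(params);

        // Read the setting back so a silent mismatch cannot go unnoticed.
        String[] enabled = engine.getEnabledProtocols();
        if (enabled.length != 1 || !enabled[0].equals(protocol)) {
            throw new IllegalStateException(
                    "unexpected enabled set: " + Arrays.toString(enabled));
        }
        return engine;
    }

    public static void main(String[] args) throws Exception {
        String protocol = args.length > 0 ? args[0] : "TLSv1.2"; // assumed default
        SSLEngine engine = clientEngine(protocol);
        System.out.println("pinned enabled:  "
                + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

An enabled protocol can still be refused at handshake time if the runtime's `jdk.tls.disabledAlgorithms` security property lists it, so the read-back confirms the engine's configuration, not the negotiated version.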

                                    

Comments
EVALUATION

See description.
                                     
2010-08-12
SUGGESTED FIX

See comments.
                                     
2010-08-11


