On Fri, 18 Apr 2025 13:05:24 GMT, Daniel Fuchs <dfu...@openjdk.org> wrote:
> Hi, > > Please find here a PR for the implementation of JEP [JDK-8291976: HTTP/3 for > the HTTP Client API](https://bugs.openjdk.org/browse/JDK-8291976). > > The CSR can be viewed at [JDK-8350588: Implement HTTP/3 for the HTTP Client > API](https://bugs.openjdk.org/browse/JDK-8350588) > > This JEP proposes to enhance the HttpClient implementation to support HTTP/3. > It adds a non-exposed / non-exported internal implementation of the QUIC > protocol based on DatagramChannel and the SunJSSE SSLContext provider. src/java.base/share/classes/sun/security/ssl/X509Authentication.java line 221: > 219: chc.peerSupportedAuthorities.clone(), > 220: engine); > 221: // TODO should we have a method that can take QuicTLSEngine? Yes, I think we should have a method for `QuicTLSEngine` in `X509KeyManagerImpl`. In that new method we should use session's `peerSupportedSignAlgs` to construct algorithm constraints the same way we do it for `SSLSocketImpl` and for `SSLEngineImpl`. This is per TLSv1.3 RFC: https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3 ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2054448979
