Re: A new proposal to add methods to HttpsURLConnection to access SSLSession

Xuelei, On 30/10/18 20:55, Xuelei Fan wrote: Hi, For the current HttpsURLConnection, there is not much security parameters exposed in the public APIs.  An application may need richer information for the underlying TLS connections, for example the negotiated TLS protocol version. Please let

Date header and Java 11 HTTP client

Hi all, Why does the new Java 11 HTTP client disallow sending the date header (https://tools.ietf.org/html/rfc7231#section-7.1.1.2) with a request? I was excited to convert a bunch of code to use the new built-in HTTP client, and by chance, the first use case I picked was this: String date = H

Re: Date header and Java 11 HTTP client

Hi all, from the count of problems that are upcomming with these limits. I think there should be an switch to allowing all header. Because why limit them? Anyone who wan't to misuse them can to it via plain "Socket" or SslSocket without limit. I think there are more samples why these limit is b

Re: Date header and Java 11 HTTP client

We have filed https://bugs.openjdk.java.net/browse/JDK-8213189 "Make restricted headers in HTTP Client configurable and remove Date by default" which should deal with this finally. - Michael On 31/10/2018, 17:46, Thomas Lußnig wrote: Hi all, from the count of problems that are upcomming

8213210: Change ServerSocket(SocketImpl impl) constructor to protected access

https://bugs.openjdk.java.net/browse/JDK-8213210 Please see diff included below. CSR to follow. Thanks, Brian --- a/src/java.base/share/classes/java/net/ServerSocket.java +++ b/src/java.base/share/classes/java/net/ServerSocket.java @@ -76,10 +76,13 @@ private boolean oldImpl = false;

Re: 8213210: Change ServerSocket(SocketImpl impl) constructor to protected access

On 31/10/2018 19:13, Brian Burkhalter wrote: https://bugs.openjdk.java.net/browse/JDK-8213210 Please see diff included below. CSR to follow. One thing to check is whether ServerSocket specifies null handling anywhere. I don't think it does so you might have to add an @throws NPE. -Alan

Re: 8213210: Change ServerSocket(SocketImpl impl) constructor to protected access

> On Oct 31, 2018, at 12:16 PM, Alan Bateman wrote: > > On 31/10/2018 19:13, Brian Burkhalter wrote: >> https://bugs.openjdk.java.net/browse/JDK-8213210 >> >> >> Please see diff included below. CSR to follow. > One thing to check is whether Se

Re: 8213210: Change ServerSocket(SocketImpl impl) constructor to protected access

> On Oct 31, 2018, at 12:20 PM, Brian Burkhalter > wrote: > > -ServerSocket(SocketImpl impl) { > +protected ServerSocket(SocketImpl impl) { > this.impl = impl; > impl.setServerSocket(this); // <- NPE if impl == null > } Oops, it can throw null as indicated above.

Re: 8213210: Change ServerSocket(SocketImpl impl) constructor to protected access

On 31/10/2018 19:26, Brian Burkhalter wrote: On Oct 31, 2018, at 12:20 PM, Brian Burkhalter mailto:brian.burkhal...@oracle.com>> wrote: -   ServerSocket(SocketImpl impl) { +   protected ServerSocket(SocketImpl impl) {       this.impl = impl;       impl.setServerSocket(this); // <- NPE if impl

Re: A new proposal to add methods to HttpsURLConnection to access SSLSession

On 10/31/2018 8:52 AM, Chris Hegarty wrote: Xuelei, On 30/10/18 20:55, Xuelei Fan wrote: Hi, For the current HttpsURLConnection, there is not much security parameters exposed in the public APIs.  An application may need richer information for the underlying TLS connections, for example the

Re: Date header and Java 11 HTTP client

> On 31 Oct 2018, at 17:49, Michael McMahon > wrote: > > We have filed > > https://bugs.openjdk.java.net/browse/JDK-8213189 > > "Make restricted headers in HTTP Client configurable and remove Date by > default" > > which should deal with

Re: 8213210: Change ServerSocket(SocketImpl impl) constructor to protected access

> On 31 Oct 2018, at 19:26, Brian Burkhalter > wrote: > > ... > > --- a/src/java.base/share/classes/java/net/ServerSocket.java > +++ b/src/java.base/share/classes/java/net/ServerSocket.java > @@ -76,10 +76,16 @@ > private boolean oldImpl = false; > > /** > - * Package-private