> This is a small PR to extend the AbstractServer class in
> test/jdk/javax/net/ssl/TLSCommon/interop/ to enable users to specify a
> specific interface on which to listen for incoming connections. The default
> interface is now the loopback interface. The derived class, JdkServer, is
> also up
> The implementation of this proposal is based on the requirements,
> specification and design choices described in the [JDK-8319332] ticket and
> its respective CSR [JDK-8319333]. What follows are implementation notes
> organized per functional component, with the purpose of assisting to naviga
On Wed, 14 Aug 2024 12:22:47 GMT, Matthew Donovan wrote:
> This is a small PR to extend the AbstractServer class in
> test/jdk/javax/net/ssl/TLSCommon/interop/ to enable users to specify a
> specific interface on which to listen for incoming connections. The default
> interface is now the loop
On Wed, 21 Aug 2024 16:48:23 GMT, Martin Balao wrote:
> Looks good to me.
Thanks Martin for the review~
-
PR Comment: https://git.openjdk.org/jdk/pull/20207#issuecomment-2302556977
On Wed, 21 Aug 2024 00:09:25 GMT, Valerie Peng wrote:
>> Can someone help review this fix? Changed the required-mechanism check by
>> checking if the particular mechanism is inside the list of enabled supported
>> mechanisms. This should be more reliable than calling C_GetMechanismInfo(..)
>>
Hi all,
By default the SSLSocket does not perform any server identity checks.
This means that unless the user explicitly enables the checks, the
connection will be vulnerable to man-in-the-middle attacks. Examples
of vulnerable implementation can be found in the Java documentation,
example links:
h
