On Tue, 15 Nov 2022 19:07:05 GMT, Xue-Lei Andrew Fan <xue...@openjdk.org> wrote:
> It may be not an option to stop at SSLContext.getInstance() if the protocol > is disabled rather than delay to handshaking, as an application still can > have the protocol back by overriding the default security properties. I may be wrong. The security property may be just loaded one time, and the follow-on update will not take effect. If it is the case, is it an option to stop at SSLContext.getInstance()? ------------- PR: https://git.openjdk.org/jdk/pull/11172
