JDK-8209992 : Align SSLSocket and SSLEngine Javadocs
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Priority: P4
  • Status: Open
  • Resolution: Unresolved
  • Submitted: 2018-08-27
  • Updated: 2024-04-10
Related Reports
Relates :  
JDK-8202625 - TLS 1.3 Implementation
Description
Reported in OpenJDK:
  http://mail.openjdk.java.net/pipermail/security-dev/2018-August/018020.html
--------------------
SSLSocket.startHandshake() and SSLEngine.beginHandshake() are similar in that they start the TLS handshake, but they can also be used after the TLS handshake.

SSLSocket.startHandshake() Javadoc seems to be more generic, describing that the method may not only start a new handshake but also be used to update encryption keys etc.

Especially in light of TLS 1.3 where renegotiation is forbidden, I would like the Javadoc of these method to align and describe exactly when they do with respect to the TLS protocol version.


Followup discussions:
-------------
https://mail.openjdk.org/pipermail/security-dev/2018-August/018024.html
https://mail.openjdk.org/pipermail/security-dev/2018-August/018026.html