JDK-8170282 : Enable ALPN parameters to be supplied during the TLS handshake
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 8,9
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2016-11-23
  • Updated: 2020-02-21
  • Resolved: 2016-12-16
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 JDK 9 Other
8u251Fixed 9 b150Fixed openjdk8u252Fixed
Related Reports
Relates :  
JDK-8051498 - JEP 244: TLS Application-Layer Protocol Negotiation Extension
Relates :  
JDK-8171443 - (spec) An ALPN callback function may also ignore ALPN
Relates :  
JDK-8171339 - Develop interoperability tests for enabling ALPN parameters to be supplied during the TLS handshake
Sub Tasks
JDK-8170792 :  
Test Development for enabling ALPN parameters to be supplied during the TLS handshake - Resolved
Description
ALPN (Application Layer Protocol Negotiation) [1] is a TLS extension to enable
clients and servers to negotiate the application-level protocol that will
be carried over TLS.

In JDK 9 new APIs were introduced to set and get application protocol names.
These values are set in advance by TLS clients and servers and then exchanged
during the TLS handshake. See JEP-244 (http://openjdk.java.net/jeps/244).

Subsequently, a specific use-case was identified that is not addressed
by our APIs. HTTP servers that support HTTP/2 [2] are constrained in their
choice of cipher suite and are therefore unable to select the application
protocol name in advance. Instead they must defer selection until after
the TLS cipher suite is known.

We need to introduce an API to enable such servers to set the application
protocol name during the TLS handshake.


____
[1] http://www.rfc-editor.org/rfc/rfc7301.txt
[2] http://www.rfc-editor.org/rfc/rfc7540.txt
Comments
FC Extension Request Remaining work: - Design (done) A new API that adds 2 new getter/setter methods on javax.net.ssl.SSLEngine and javax.net.ssl.SSLSocket. - Implementation (2 weeks) - Test (1 week) Risk: low. The problem is well-understood and the fix is underway. Justification: The Java Servlet Expert Group have identified a significant use-case for HTTP2 servers that is not addressed by the current ALPN API (JEP-244: http://openjdk.java.net/jeps/244). The Servlet API will be the sole API used by Java EE 8 to support HTTP2. Completion estimate: 22 Dec 2016
29-11-2016