JDK-8259938 : Internal LDAP channel binding property should be public
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 16
  • Priority: P4
  • Status: Closed
  • Resolution: Won't Fix
  • Submitted: 2021-01-18
  • Updated: 2021-06-09
  • Resolved: 2021-06-09
Description
The fix for https://bugs.openjdk.java.net/browse/JDK-8245527 introduced an internal property "jdk.internal.sasl.tlschannelbinding" which is used to pass the channel binding application data to the Sasl client.

We have a custom Sasl client which supports a native GSS implementation for Windows. The client needs to read this property in order to pass the application data to the native initialize and accept methods.

It would be better if the property jdk.internal.sasl.tlschannelbinding was renamed to some public value and the property documented.
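
An added sketch, not part of the original report or of the JDK sources, of how a third-party SaslClientFactory could read this property from the props map it receives. The factory class, the newNativeClient hook and the assumption that the value arrives as a byte[] are illustrative.

```java
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslClientFactory;
import javax.security.sasl.SaslException;

// Hypothetical third-party factory; subclasses supply the native GSS client.
public abstract class NativeGssSaslClientFactory implements SaslClientFactory {
    // Internal property name quoted in this report; not a documented API.
    static final String CHANNEL_BINDING = "jdk.internal.sasl.tlschannelbinding";

    // Returns a copy of the channel binding data, or null if none was supplied.
    static byte[] channelBindingFrom(Map<String, ?> props) throws SaslException {
        Object value = (props == null) ? null : props.get(CHANNEL_BINDING);
        if (value == null) {
            return null; // caller did not request TLS channel binding
        }
        // Assumption: the value is a non-empty byte[]. Anything else means the
        // internal contract changed, so fail closed instead of silently
        // authenticating without channel binding.
        if (!(value instanceof byte[]) || ((byte[]) value).length == 0) {
            throw new SaslException("Unexpected value for " + CHANNEL_BINDING);
        }
        return ((byte[]) value).clone();
    }

    // Hypothetical hook: passes the data on to the native initialize call.
    protected abstract SaslClient newNativeClient(String authorizationId,
            String protocol, String serverName, byte[] channelBinding,
            CallbackHandler cbh) throws SaslException;

    @Override
    public SaslClient createSaslClient(String[] mechanisms, String authorizationId,
            String protocol, String serverName, Map<String, ?> props,
            CallbackHandler cbh) throws SaslException {
        for (String mechanism : mechanisms) {
            if ("GSSAPI".equals(mechanism)) {
                return newNativeClient(authorizationId, protocol, serverName,
                        channelBindingFrom(props), cbh);
            }
        }
        return null; // none of the requested mechanisms is supported here
    }

    @Override
    public String[] getMechanismNames(Map<String, ?> props) {
        return new String[] {"GSSAPI"};
    }
}
```
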
Comments
Use existing property name. Could be reimplemented as part of GS2 SASL implementation.
09-06-2021

If this is being deferred to 18 it would be better to drop it completely. Existing code for 16 (and for 17 when out) will be using the existing property name "jdk.internal.sasl.tlschannelbinding". Seems no point in changing it now.
09-06-2021

[~abakhtin] Can you please retarget this Enhancement to JDK 18 (set the fixVersion to "18") as the JDK 17 RDP is tomorrow? Thanks.
09-06-2021

The property needs to be read by third party SaslClient implementations (such as ours) so does not need to be fully "public". Just need to be sure it will not change in future versions.
22-01-2021