JDK-8260310 : Release Note: Configurable Extensions With System Properties
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 8u321,11.0.14-oracle,17
  • Priority: P4
  • Status: Closed
  • Resolution: Delivered
  • Submitted: 2021-01-22
  • Updated: 2022-06-24
  • Resolved: 2021-08-06
The Version table provides details about the release in which this issue/RFE will be addressed.

Unresolved: Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed: Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

Version table:
  • JDK 11: 11.0.14-oracle (Resolved)
  • JDK 17: 17 (Resolved)
  • JDK 8: 8u321 (Resolved)
Description
Two new system properties have been added. The system property, `jdk.tls.client.disableExtensions`, is used to disable TLS extensions used in the client. The system property, `jdk.tls.server.disableExtensions`, is used to disable TLS extensions used in the server. If an extension is disabled, it will be neither produced nor processed in the handshake messages.

The property string is a comma-separated list of standard TLS extension names, as registered in the IANA documentation (for example, `server_name`, `status_request`, and `signature_algorithms_cert`). Note that the extension names are case sensitive. Unknown, unsupported, misspelled and duplicated TLS extension name tokens will be ignored.

Please note that the impact of blocking TLS extensions is complicated. For example, a TLS connection may not be able to be established if a mandatory extension is disabled. Please do not disable mandatory extensions, and do not use this feature unless you clearly understand the impact.
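
Because unrecognized tokens are ignored silently, a typo leaves the extension enabled without any error. The following pre-flight check is an added example, not code from the JDK or from this release note: the class name, the `KNOWN` subset of IANA names, the `REQUIRED_TLS13` list (taken from RFC 8446 section 9.2), the whitespace trimming and the sample value are all assumptions of the example.

```java
import java.util.*;

public class DisableExtensionsCheck {
    // Constructed subset of IANA-registered names (assumption: not the JDK's own list).
    static final Set<String> KNOWN = new HashSet<>(Arrays.asList(
        "server_name", "max_fragment_length", "status_request", "supported_groups",
        "ec_point_formats", "signature_algorithms", "status_request_v2",
        "application_layer_protocol_negotiation", "supported_versions", "cookie",
        "psk_key_exchange_modes", "certificate_authorities",
        "signature_algorithms_cert", "key_share", "pre_shared_key",
        "renegotiation_info"));

    // Added for this example: extensions RFC 8446 section 9.2 requires for a
    // certificate-authenticated (EC)DHE TLS 1.3 handshake.
    static final Set<String> REQUIRED_TLS13 = new HashSet<>(Arrays.asList(
        "supported_versions", "signature_algorithms", "supported_groups", "key_share"));

    /** Returns the tokens that would take effect and reports the others. */
    static Set<String> effective(String property) {
        Set<String> result = new LinkedHashSet<>();
        if (property == null) return result;
        for (String raw : property.split(",")) {
            String name = raw.trim(); // assumption: surrounding whitespace is not significant
            if (name.isEmpty()) continue;
            if (!KNOWN.contains(name)) {
                // Names are case sensitive, so "Server_Name" is not "server_name".
                boolean caseOnly = KNOWN.contains(name.toLowerCase(Locale.ROOT));
                System.out.println("IGNORED   " + name + (caseOnly ? " (wrong case?)" : ""));
            } else if (!result.add(name)) {
                System.out.println("DUPLICATE " + name);
            } else if (REQUIRED_TLS13.contains(name)) {
                System.out.println("RISKY     " + name + " (TLS 1.3 handshakes may fail)");
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample; normally supplied with -Djdk.tls.client.disableExtensions=...
        String value = System.getProperty("jdk.tls.client.disableExtensions",
            "status_request,Server_Name,status_request,sig_algs_cert,key_share");
        System.out.println("Effective: " + effective(value));
    }
}
```

Running it against the value intended for `jdk.tls.client.disableExtensions` or `jdk.tls.server.disableExtensions` before deployment shows which tokens would actually disable an extension and which would be dropped.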