Bug ID: JDK-8282800 Release Note: Fully Support Endpoint Identification Algorithm in RFC 6125

JDK-8282800 : Release Note: Fully Support Endpoint Identification Algorithm in RFC 6125

Type: Sub-task
Component: security-libs
Sub-Component: javax.net.ssl
Affected Version: 19

Priority: P3
Status: Resolved
Resolution: Delivered

Submitted: 2022-03-08
Updated: 2022-06-08
Resolved: 2022-06-08

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 19
19Resolved

Description

The JDK `SunJSSE` provider implementation has been enhanced to be fully compliant with RFC 6125. Prior to this release, the implementation was compliant except for one case, which has now been addressed: the implementation will not attempt to match wildcard domains in TLS certificates where the wildcard character comprises a label other than the left-most label. 

If necessary, applications can workaround this restriction by implementing their own `HostnameVerifier` or `TrustManager`.