JDK-8296820 : Add implementation note to SSLContext.getInstance noting subsequent behavior if protocol is disabled
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Priority: P3
  • Status: Open
  • Resolution: Unresolved
  • Submitted: 2022-11-10
  • Updated: 2024-01-24
Description
`SSLContext.getInstance` currently throws `NoSuchAlgorithmException` if a protocol is not supported by any of the configured providers.

If a protocol is disabled by an implementation, then the `getInstance` method still succeeds, because there is still a provider configured that supports the protocol.

However, if the application subsequently tries to use that protocol, an `SSLHandshakeException` will be thrown. This behavior could be seen as a little unexpected, since the `SSLContext` was returned for that protocol.

Thus, it would be useful to add an implementation note to `SSLContext.getInstance` noting this behavior.
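A pre-flight check an application can run so that the mismatch shows up before the first handshake, added here as an example and not taken from the JDK or the linked PR. The class and method names are hypothetical, and `jdk.tls.disabledAlgorithms` is the JDK's security property for disabled TLS algorithms, which this report does not mention by name.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;

public class ProtocolPreflight {

    /** True if a context created for a version-specific name (e.g. "TLSv1.1")
     *  also lists that name among its default enabled protocols. */
    static boolean enabledByDefault(String protocol) throws Exception {
        // Throws NoSuchAlgorithmException only when no provider supports the name.
        SSLContext ctx = SSLContext.getInstance(protocol);
        ctx.init(null, null, null); // default key managers, trust managers, SecureRandom
        String[] enabled = ctx.getDefaultSSLParameters().getProtocols();
        return enabled != null && Arrays.asList(enabled).contains(protocol);
    }

    /** True if the name appears as an entry of jdk.tls.disabledAlgorithms.
     *  Simple token match; other implementations may disable protocols differently. */
    static boolean listedAsDisabled(String protocol) {
        String prop = Security.getProperty("jdk.tls.disabledAlgorithms");
        if (prop == null) {
            return false;
        }
        for (String entry : prop.split(",")) {
            if (entry.trim().equalsIgnoreCase(protocol)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input; pass other protocol names as arguments.
        List<String> names = args.length > 0
                ? Arrays.asList(args)
                : Arrays.asList("TLSv1.1", "TLSv1.2", "TLSv1.3");
        for (String p : names) {
            boolean usable = enabledByDefault(p);
            System.out.printf("%-8s getInstance=ok enabledByDefault=%b listedAsDisabled=%b%n",
                    p, usable, listedAsDisabled(p));
            if (!usable) {
                System.out.println("  -> context was returned, but a handshake using only "
                        + p + " is expected to fail");
            }
        }
    }
}
```

The check only makes sense for version-specific names; a generic name such as `TLS` never appears in the enabled-protocol list.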
Comments
I decided to withdraw the PR for this request since ideally more API changes should be made to more specifically define what an `SSLContext` algorithm means, and what behavior an application may expect to see, and whether or not this behavior is implementation specific or not. See the PR (https://github.com/openjdk/jdk/pull/11172) for more details, especially this comment: https://github.com/openjdk/jdk/pull/11172#issuecomment-1324281763
28-11-2022

A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/11172 Date: 2022-11-15 17:41:19 +0000
15-11-2022