src/java.base/share/classes/javax/net/ssl/SSLParameters.java

rev 10851 : Implement TLS_FALLBACK_SCSV

@@ -72,10 +72,11 @@
     private String identificationAlgorithm;
     private AlgorithmConstraints algorithmConstraints;
     private Map<Integer, SNIServerName> sniNames = null;
     private Map<Integer, SNIMatcher> sniMatchers = null;
     private boolean preferLocalCipherSuites;
+    private boolean sendFallbackSCSV;
 
     /**
      * Constructs SSLParameters.
      * <p>
      * The values of cipherSuites, protocols, cryptographic algorithm

@@ -462,7 +463,42 @@
      * @since 1.8
      */
     public final boolean getUseCipherSuitesOrder() {
         return preferLocalCipherSuites;
     }
+
+    /**
+     * Sets whether the TLS client should tell the TLS server that it
+     * has performed a protocol downgrade.
+     * <p>
+     * <em>Note: Performing protocol downgrades outside the TLS
+     * protocol can introduce security vulnerabilities.  The
+     * built-in version negotiation mechanism of the TLS protocol
+     * should be used instead of explicit protocol downgrades.</em>
+     *
+     * @param sendSCSV whether to send @{code TLS_FALLBACK_SCSV}
+     *        as part of the TLS handshake.
+     *
+     * @see #getSendFallbackSCSV()
+     *
+     * @since 1.9
+     */
+    public final void setSendFallbackSCSV(boolean sendSCSV) {
+        sendFallbackSCSV = sendSCSV;
+    }
+
+    /**
+     * Returns whether the TLS client should tell the TLS server that it
+     * has performed a protocol downgrade.
+     *
+     * @return whether to send @{code TLS_FALLBACK_SCSV}
+     *         as part of the TLS handshake.
+     *
+     * @see #setSendFallbackSCSV(boolean)
+     *
+     * @since 1.9
+     */
+    public final boolean getSendFallbackSCSV() {
+        return sendFallbackSCSV;
+    }
 }
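Review bot: The inline tag in both new Javadoc blocks is written `@{code TLS_FALLBACK_SCSV}` (in the `@param` of setSendFallbackSCSV and the `@return` of getSendFallbackSCSV), which Javadoc does not recognise as an inline tag; it should read `{@code TLS_FALLBACK_SCSV}`. The setter's documentation also leaves out the default and the intended use. The new field is a plain `boolean`, so it starts as false, and the signal only makes sense on a client retry that offers a lower protocol version than the client supports. A sentence such as `The default is {@code false}; enable this only for a retry handshake that offers a lower protocol version than the highest one this client supports, and it is ignored in server mode.` would make that explicit, though the server-mode part should be confirmed against the handshaker, which is outside this hunk. Whether the getSSLParameters/setSSLParameters paths of SSLSocket and SSLEngine copy the new property is also not visible here and is worth checking, because a value that is silently dropped would disable the downgrade protection without any error.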