Why does SSLSocketFactory lack setEnabledCipherSuites?

Submitted by 寵の児 on 2019-12-04 05:22:04

Why does Java lack the ability to configure the SSLSocketFactory?

It could be that it was deemed to be a bad idea to allow an application to alter the enabled cipher suites. You could argue that this is a platform security issue rather than an application responsibility, and that it would be a bad thing for some application to be able to enable (or disable) suites that the system administrator has disabled / enabled.

But I don't know, and I suspect that none of the small set of people who would really know read StackOverflow regularly.

It's clearly a design decision,

In a sense, yes. But it could just be one of those design decisions that happened by accident or by default. Or it could be that "they" didn't think this functionality would be used. Or there may be a sound security reason for doing this.

Either way, if you feel strongly about this, you could suggest this as a Java enhancement (e.g. here), or work up a patch that implements your enhancement and submit it to the OpenJDK team.

And if you don't feel motivated to propose / implement an enhancement, the best way to get an answer to "why did they do it" is to ask "them" yourself. (And please share the answer ...)
