ChristopherSchultz commented on a change in pull request #380:
URL: https://github.com/apache/tomcat/pull/380#discussion_r535344046
##########
File path: java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
##########
@@ -202,6 +232,15 @@ public String getSNIValue() {
}
+ public List<String> getClientRequestedProtocols() {
+ if (result == ExtractorResult.COMPLETE || result ==
ExtractorResult.NOT_PRESENT) {
+ return clientRequestedProtocols;
+ } else {
+ throw new IllegalStateException();
Review comment:
-1 to having no detail message
##########
File path: java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
##########
@@ -72,7 +76,9 @@ public TLSClientHelloExtractor(ByteBuffer netInBuffer) throws
IOException {
int limit = netInBuffer.limit();
ExtractorResult result = ExtractorResult.NOT_PRESENT;
List<Cipher> clientRequestedCiphers = new ArrayList<>();
+ List<String> clientRequestedCipherNames = new ArrayList<>();
List<String> clientRequestedApplicationProtocols = new ArrayList<>();
+ List<String> clientRequestedProtocols = new ArrayList<>();
Review comment:
Clients can only request a single protocol version. If there is a
mismatch, the Server Hello response will propose another protocol. This will
continue until the two agree or decide to terminate the connection. Is this
list of protocols intended to capture that back-and-forth?
Oh, wait. `supported_versions` extension and TLSv1.3.
https://tools.ietf.org/html/rfc8446#section-4.2.1
LGTM!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
