am dcf5af38: am 8129b8b4: am dd8accfe: Merge "Mention ECDHE_PSK bug in Javadoc of PskKeyManager." into lmp-docs automerge: 2f1c76f

automerge: 42340b9

* commit '42340b9de03fb2b27a0f915d827d729bce7fcda7':
  Mention ECDHE_PSK bug in Javadoc of PskKeyManager.

1 files changed, 7 insertions, 0 deletions

diff --git a/core/java/android/net/PskKeyManager.java b/core/java/android/net/PskKeyManager.java
index d162282..f82e635 100644
--- a/core/java/android/net/PskKeyManager.java
+++ b/core/java/android/net/PskKeyManager.java
@@ -81,6 +81,13 @@ import javax.net.ssl.SSLEngine;
  * Subclasses should normally provide their own implementation of {@code getKey} because the default
  * implementation returns no key, which aborts the handshake.
  *
+ * <h3>Known issues</h3>
+ * The implementation of {@code ECDHE_PSK} cipher suites in API Level 21 contains a bug which breaks
+ * compatibility with other implementations. {@code ECDHE_PSK} cipher suites are enabled by default
+ * on platforms with API Level 21 when an {@code SSLContext} is initialized with a
+ * {@code PskKeyManager}. A workaround is to disable {@code ECDHE_PSK} cipher suites on platforms
+ * with API Level 21.
+ *
  * <h3>Example</h3>
  * The following example illustrates how to create an {@code SSLContext} which enables the use of
  * TLS-PSK in {@code SSLSocket}, {@code SSLServerSocket} and {@code SSLEngine} instances obtained