diff options
| -rw-r--r-- | core/java/android/net/PskKeyManager.java | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/core/java/android/net/PskKeyManager.java b/core/java/android/net/PskKeyManager.java index d162282..f82e635 100644 --- a/core/java/android/net/PskKeyManager.java +++ b/core/java/android/net/PskKeyManager.java @@ -81,6 +81,13 @@ import javax.net.ssl.SSLEngine; * Subclasses should normally provide their own implementation of {@code getKey} because the default * implementation returns no key, which aborts the handshake. * + * <h3>Known issues</h3> + * The implementation of {@code ECDHE_PSK} cipher suites in API Level 21 contains a bug which breaks + * compatibility with other implementations. {@code ECDHE_PSK} cipher suites are enabled by default + * on platforms with API Level 21 when an {@code SSLContext} is initialized with a + * {@code PskKeyManager}. A workaround is to disable {@code ECDHE_PSK} cipher suites on platforms + * with API Level 21. + * * <h3>Example</h3> * The following example illustrates how to create an {@code SSLContext} which enables the use of * TLS-PSK in {@code SSLSocket}, {@code SSLServerSocket} and {@code SSLEngine} instances obtained |