8348986: Improve coverage of enhanced exception messages

[Michael-Mc-Mahon]

Hi,

Enhanced exception messages are designed to hide sensitive information such as hostnames, IP
addresses from exception message strings, unless the enhanced mode for the specific category
has been explicitly enabled. Enhanced exceptions were first introduced in 8204233 in JDK 11 and
updated in 8207846.

This PR aims to increase the coverage of enhanced exception messages in the networking code.
A limited number of exceptions are already hidden (restricted) by default. The new categories and
exceptions in this PR will be restricted on an opt-in basis, ie. the default mode will be enhanced
(while preserving the existing behavior).

The mechanism is controlled by the security/system property "jdk.includeInExceptions" which takes as value
a comma separated list of category names, which identify groups of exceptions where the exception
message may be enhanced. Any category not listed is "restricted" which means that potentially
sensitive information (such as hostnames, IP addresses, user identities) are excluded from the message text.

The changes to the java.security conf file describe the exact changes in terms of the categories now
supported and any changes in behavior.

Thanks,
Michael

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue
• Change requires a CSR request matching fixVersion 25 to be approved (needs to be created)

Issue

• JDK-8348986: Improve coverage of enhanced exception messages (Enhancement - P3)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/23929/head:pull/23929
$ git checkout pull/23929

Update a local copy of the PR:
$ git checkout pull/23929
$ git pull https://git.openjdk.org/jdk.git pull/23929/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 23929

View PR using the GUI difftool:
$ git pr show -t 23929

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/23929.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back michaelm! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

[openjdk]

@Michael-Mc-Mahon The following labels will be automatically applied to this pull request:

• core-libs
• net
• nio
• security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing lists. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 02: Full - Incremental (41d1ef82)
• 01: Full - Incremental (074da251)
• 00: Full (c4419860)

[Michael-Mc-Mahon]

/csr needed

[openjdk]

@Michael-Mc-Mahon has indicated that a compatibility and specification (CSR) request is needed for this pull request.

@Michael-Mc-Mahon please create a CSR request for issue JDK-8348986 with the correct fix version. This pull request cannot be integrated until the CSR request is approved.