am dcf5af38: am 8129b8b4: am dd8accfe: Merge "Mention ECDHE_PSK bug in Javadoc of PskKeyManager." into lmp-docs
* commit 'dcf5af38bfd306af77613aa051393bf7d8e8fb44':
Mention ECDHE_PSK bug in Javadoc of PskKeyManager.
diff --git a/core/java/android/net/PskKeyManager.java b/core/java/android/net/PskKeyManager.java
index d162282..f82e635 100644
--- a/core/java/android/net/PskKeyManager.java
+++ b/core/java/android/net/PskKeyManager.java
@@ -81,6 +81,13 @@
* Subclasses should normally provide their own implementation of {@code getKey} because the default
* implementation returns no key, which aborts the handshake.
*
+ * <h3>Known issues</h3>
+ * The implementation of {@code ECDHE_PSK} cipher suites in API Level 21 contains a bug which breaks
+ * compatibility with other implementations. {@code ECDHE_PSK} cipher suites are enabled by default
+ * on platforms with API Level 21 when an {@code SSLContext} is initialized with a
+ * {@code PskKeyManager}. A workaround is to disable {@code ECDHE_PSK} cipher suites on platforms
+ * with API Level 21.
+ *
* <h3>Example</h3>
* The following example illustrates how to create an {@code SSLContext} which enables the use of
* TLS-PSK in {@code SSLSocket}, {@code SSLServerSocket} and {@code SSLEngine} instances obtained