From d57cfe8ce1d46bffb528ae00e6e809d846c837b6 Mon Sep 17 00:00:00 2001
From: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Date: Tue, 22 Nov 2016 12:00:10 -0700
Subject: [PATCH] Issue #1108 - adding comment about the purpose of the
 pristine SSLEngine

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
---
 .../java/org/eclipse/jetty/util/ssl/SslContextFactory.java    | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
index 8f9f0b9f342..871b656c546 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -344,6 +344,10 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
     
         try
         {
+            /* Use a pristine SSLEngine (not one from this SslContextFactory).
+             * This will allow for proper detection and identification
+             * of JRE/lib/security/java.security level disabled features
+             */
             SSLEngine sslEngine = SSLContext.getDefault().createSSLEngine();
     
             List<Object> selections = new ArrayList<>();