[11u] RFR: 8223482: Unsupported ciphersuites may be offered by a TLS client
Andrew John Hughes
gnu.andrew at redhat.com
Tue Jul 23 19:35:25 UTC 2019
On 18/07/2019 20:38, Martin Balao wrote:
> Hi,
>
> I'd like to request a review for the jdk11u backport of 8223482 [1]:
>
> http://cr.openjdk.java.net/~mbalao/webrevs/8223482/8223482.jdk11u.webrev.00/
>
> There are 2 changes compared to the JDK version [2]:
>
> * SSLCipher.java
> * "Cipher.getInstance" replaced with "JsseJce.getCipher" in
> SSLCipher::isTransformationAvailable
> * JDK-11 has SunJSSE experimental FIPS support (which was removed in
> JDK), so we are able to check if the transformation is supported by
> SunJSSE's crypto provider. We don't need to check if it's supported by
> any provider because SunJSSE's crypto provider is the one that will be
> used for the TLS connection.
>
> * TestTLS12.java (FipsModeTLS12.java in JDK):
> * The change in TestTLS12::initialize does not apply to JDK-11
> * In JDK-11, we don't remove security providers because we are able
> to set the one that has to be used in SunJSSE (due to SunJSSE
> experimental FIPS support).
>
> Testing:
>
> * No regressions found in:
> * jdk/sun/security/pkcs11
> * jdk/javax/net/ssl
> * jdk/com/sun/crypto/provider/TLS
>
> * TestTLS12 updated to cover this patch
>
> Thanks,
> Martin.-
>
> --
> [1] - https://bugs.openjdk.java.net/browse/JDK-8223482
> [2] - http://hg.openjdk.java.net/jdk/jdk/rev/d0f73fccf5f3
>
The changes mentioned look ok to me.
I am curious as to why the copyright headers are being altered,
especially for
src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java which
is otherwise identical to the JDK version.
--
Andrew :)
Senior Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
https://keybase.io/gnu_andrew
More information about the jdk-updates-dev
mailing list