[11u] RFR(M): 8234728: Some security tests should support TLSv1.3
Lindenmaier, Goetz
goetz.lindenmaier at sap.com
Thu Apr 9 09:55:31 UTC 2020
Hi,
Thanks!
To double-check I ran it through our tests once more, all green.
Best regards,
Goetz.
> -----Original Message-----
> From: Langer, Christoph <christoph.langer at sap.com>
> Sent: Monday, April 6, 2020 9:08 PM
> To: Lindenmaier, Goetz <goetz.lindenmaier at sap.com>; jdk-updates-
> dev at openjdk.java.net
> Subject: RE: [11u] RFR(M): 8234728: Some security tests should support
> TLSv1.3
>
> Hi Goetz,
>
> looks good now. Feel free to push, unless this update would break the test
> results ��
>
> Best regards
> Christoph
>
> > -----Original Message-----
> > From: Lindenmaier, Goetz <goetz.lindenmaier at sap.com>
> > Sent: Montag, 6. April 2020 18:35
> > To: Lindenmaier, Goetz <goetz.lindenmaier at sap.com>; Langer, Christoph
> > <christoph.langer at sap.com>; jdk-updates-dev at openjdk.java.net
> > Subject: RE: [11u] RFR(M): 8234728: Some security tests should support
> > TLSv1.3
> >
> > > > For
> > test/jdk/sun/security/util/HostnameMatcher/NullHostnameCheck.java
> > > > I have a question: Why don't you take the hunk to use the passed
> > protocol
> > > >for clientCtx
> > (https://hg.openjdk.java.net/jdk/jdk/rev/d6a38e8f7389#l6.35) ? I
> > > > think it would fit.
> > > The tests differ a lot. I edited the test in 11 to use the protocol passed in
> > > Wherever needed. The test in 11 does not deal with the clientCtx, so
> > > There was no place for that.
> >
> > Oh no, you are right, I missed it. All nonsense above ... here better webrev:
> > http://cr.openjdk.java.net/~goetz/wr20/8234728-security_tests-jdk11/03/
> >
> > Sorry,
> > Goetz
> >
> >
> > > > In
> test/jdk/javax/net/ssl/sanity/ciphersuites/TLSCipherSuitesOrder.java,
> > I
> > > > would not uncomment the lines of TLS_CHACHA20_POLY1305_SHA256
> > and
> > > > TLS_CHACHA20_POLY1305_SHA256 but rather drop them completely.
> > > These
> > > > suites don't exist in 11 and for CipherSuitesInOrder.java we also don't
> > keep
> > > > them commented.
> > > Ok, I will remove them.
> > >
> > > New webrev:
> > > http://cr.openjdk.java.net/~goetz/wr20/8234728-security_tests-
> jdk11/02/
> > >
> > > Best regards,
> > > Goetz.
> > >
> > >
> > > >
> > > > Best regards
> > > > Christoph
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: jdk-updates-dev <jdk-updates-dev-
> bounces at openjdk.java.net>
> > > On
> > > > > Behalf Of Lindenmaier, Goetz
> > > > > Sent: Freitag, 3. April 2020 13:26
> > > > > To: jdk-updates-dev at openjdk.java.net
> > > > > Subject: [CAUTION] [11u] RFR(M): 8234728: Some security tests
> should
> > > > > support TLSv1.3
> > > > >
> > > > > Hi,
> > > > >
> > > > > I would like to downport this for parity with 11.0.8-oracle.
> > > > >
> > > > > http://cr.openjdk.java.net/~goetz/wr20/8234728-security_tests-
> > > > > jdk11/webrev/
> > > > >
> > > > > Although this change claims it is a test fix, it touches
> > > > > java.base. It fixes some type-os there.
> > > > > Some of the comments fixed are not in CipherSuite.java in
> > > > > 11u, so the patch did not apply. I had to skip these.
> > > > >
> > > > > Also, the change did not cleanly apply to the the test
> > > > > NullHostnameCheck.java
> > > > > because "8228967: Trust/Key store and SSL context utilities for tests"
> is
> > > not
> > > > > in 11. I adapted it. The TLS level is now passed to the test.
> > > > >
> > > > > The change makes TLSCipherSuitesOrder.java fail.
> > > > > First, it looks for a Cipher Suite not in 11. I removed this.
> > > > > Second, it depends on a change by "8171279: Support X25519 and
> > > > > X448 in TLS". This is a big change and only a single function
> > > > > call is needed. I added only the required changes of 8171279 to
> > > > > TLSSocketTemplate.java in this change.
> > > > >
> > > > > I also changed CipherSuitesInOrder.java so that it passes.
> > > > > I kept the old list of supportedCipherSuites, and
> > > > > added TLS_AES_128_GCM_SHA256 and TLS_AES_256_GCM_SHA384.
> > > > >
> > > > > Please review.
> > > > >
> > > > > Original change:
> > > > > https://bugs.openjdk.java.net/browse/JDK-8234728
> > > > > https://hg.openjdk.java.net/jdk/jdk14/rev/fa82151f29c4
More information about the jdk-updates-dev
mailing list