[11u] RFR: 8171279: Support X25519 and X448 in TLS
Andrew Haley
aph at redhat.com
Mon Nov 30 10:45:04 UTC 2020
On 11/30/20 10:06 AM, Lindenmaier, Goetz wrote:
> I have been looking at your test, but it is not yet working
> on my machine. It skips the test after initializing.
>
> Before backing out, we should consider whether
> not having the new EC curves introduced by 8171279
> in 11.0.10 is acceptable. This is an extension that is
> documented as CSR and might be expected by people.
> It is in 11.0.10-oracle, too.
I understand, but when a patch breaks something, that patch is at fault.
If 8171279 were a critical bug fix I might have a little more sympathy
with your argument, but the new EC curves are a feature update.
> To me, it seems more relevant than the FIPS feature broken,
> which never has been an official feature as I understand,
> and of which it has been communicated (inofficially) that it
> does not work any more since 9.
>
> Nevertheless we should fix it if broken, maybe in 11.0.11.
Please.
There's some basic discipline here: patches shouldn't cause
regressions. It's the responsibility of those who make changes
to ensure this.
--
Andrew Haley (he/him)
Java Platform Lead Engineer
Red Hat UK Ltd. <https://www.redhat.com>
https://keybase.io/andrewhaley
EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671
More information about the jdk-updates-dev
mailing list