Backport of JDK-8014618 to JDK6? (Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement)
Xuelei Fan
xuelei.fan at oracle.com
Sat Jul 12 02:44:50 UTC 2014
Alex,
Thank you very much for the quick debugging and feedback. You
conclusion is identical to me that JDK-8014618 does not apply to JDK 6.
Good luck!
Xuelei
On 7/11/2014 6:18 PM, Alex Bligh wrote:
> Xulei,
>
> On 11 Jul 2014, at 07:14, Alex Bligh <alex at alex.org.uk> wrote:
>
>> In this case I'm afraid I have confirmed that it is *not* the cause of the
>> particular failure we are seeing (the failure turned out to be elsewhere
>> after many hours debugging).
>>
>> However, reading the code it would seem this should still be an issue,
>> and if it is an issue should presumably be reproducible using the
>> test case at:
>> https://bugs.openjdk.java.net/browse/JDK-8014618
>>
>> I'll have a go at this later if I get some time.
>
> I got some time. I've run over 5,000 iterations of the test without a
> single error. I am assuming:
>
> depth=0 CN = test
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 CN = test
> verify return:1
>
> is acceptable as an output, i.e. it's still doing the DH key
> exchange, because verify errors do not cause s_client to abort.
>
> Given the errors should occur 1 in 256 iterations, I think
> we can conclude this bug does not exist in JDK-6.
>
> Apologies for the wasted electrons.
>
More information about the jdk6-dev
mailing list