[8u] TLSv1.3 RFR: 8245681: Add TLSv1.3 regression test from 11.0.7

Alexey Bakhtin alexey at azul.com
Thu Aug 13 09:21:08 UTC 2020 

Hi Martin,

Please see my comments below.

Regards
Alexey

> On 12 Aug 2020, at 23:27, Martin Balao <mbalao at redhat.com> wrote:
> 
> Hi Alexey,
> 
> Thanks for proposing this patch.
> 
> On 8/12/20 2:51 PM, Alexey Bakhtin wrote:
>> Please find new version of the patch for TLSv1.3 regression tests:
>> http://cr.openjdk.java.net/~abakhtin/tls1.3/8245466/8245681/webrev.v2/
>> Git diff: http://cr.openjdk.java.net/~abakhtin/tls1.3/8245466/8245681/webrev.v2/jdk.git.diff
>> 
>> This patch adds TLS related tests from JDK11.07 without any modification.
>> This patch does not include:
>> - DTLS tests:
>>  - javax/net/ssl/DTLS
>>  - javax/net/ssl/DTLSv10
>>  - sun/security/ssl/SSLContextImpl
>>    - CustomizedDTLSDefaultProtocols.java
>>    - CustomizedDTLSServerDefaultProtocols.java
>>    - DefaultDTLSEnabledProtocols.java
> 
> Ok.
> 
>> - javax/net/ssl/finalize:
>>   This test was added as part of JDK-8169416. Not related to TLSv1.3 implementation. Test uses unsupported Reference.reachabilityFence
> 
> Yeah, I see the problem. Contrary to MFLN (see below), I'm not that
> concerned about this test. I'm okay.
> 
>> - javax/net/ssl/HttpsURLConnection/Equals.java
>>   This test was added as part of JDK-8055299. Not backported to JDK8 yet
> 
> Why?
JDK-8055299 is not backported to JDK8u and not related to TLSv1.3 functionality.
This fix can be backported separately

> 
>> - MFLNTest tests:
>>  - javax/net/ssl/TLS/TLSMFLNTest.java
>>  - javax/net/ssl/TLS1/TLSMFLNTest.java
>>  - javax/net/ssl/TLS11/TLSMFLNTest.java
>>  These tests based on the SSLParameters.setMaximumPacketSize​() public API which is not  available in JDK8:
> 
> We've introduced the MFLN extension with the new SunJSSE engine, so
> looks to me that these tests are important. Can you please point me to
> this dependency? We need to figure out a way of bypassing the
> dependency, even if we need to use non-public APIs. I'd only agree if we
> have a strong reason -but I hope we don't-.

TLSMFLNTest tests are based on the TLSCommon/SSLEngineTestCase.java class.
SSLEngineTestCase uses SSLParameters.setMaximumPacketSize() to change default Max Fragment Length.
Actually, it is interesting situation. It seems MFL can be set with SSLParameters.setMaximumPacketSize() API only. This API is not available in JDK8u and MFLNExtension is not usable without this API (client sends MFLNExtension if it is not default only)
So, we need custom API to set/get MaxPacketSize or exclude MFLNExtension functionality from the implementation.

> 
>> - TEST.properties files for different tests. These files are not required for JDK8
> 
> Ok.
> 
> In addition to the previous, I've noticed that Step 11 adds a few files
> not in previous SSL-related categories:
> 
>  * test/java/security/testlibrary/CertificateBuilder.java (new)
>  * test/java/security/testlibrary/SimpleOCSPServer.java (new)
These classes used by javax/net/ssl/Stapling and sun/security/ssl/Stapling tests
These classes was added as part of JDK-8046321: OCSP Stapling for TLS
>  * test/lib/testlibrary/jdk/testlibrary/SimpleSSLContext.java (new)
This class should be excluded.
It is used by javax/net/ssl/HttpsURLConnection/Equals.java which is not added in this step, so SimpleSSLContext.java is not required

> 
> How did you find them?

I've found these classes by running and fixing test dependency

> Seems that they are not part of 8196584 (original
> TLS 1.3 patch). My question is not only to judge these files but also to
> make sure that we are not missing anything.
> 
> Thanks,
> Martin.-
>

More information about the jdk8u-dev mailing list