[8u] TLSv1.3 RFR: 8245681: Add TLSv1.3 regression test from 11.0.7

Alexey Bakhtin alexey at azul.com
Wed Aug 19 13:31:03 UTC 2020 

Hi Martin,

Please find new version of the patch for TLSv1.3 regression test:
http://cr.openjdk.java.net/~abakhtin/tls1.3/8245466/8245681/webrev.v3/
Git diff: http://cr.openjdk.java.net/~abakhtin/tls1.3/8245466/8245681/webrev.v3/jdk.git.diff

In this version I’ve added MFLN tests from JDK11. Even if JDK8 does not supported SSLParameters.set/getMaximumPacketSize​() methods, server side can process MFLN Extension received from the client. These tests will modified for JDK8 in the next step : JDK-8251478

test/lib/testlibrary/jdk/testlibrary/SimpleSSLContext.java is removed

Regards
Alexey

> On 13 Aug 2020, at 12:21, Alexey Bakhtin <alexey at azul.com> wrote:
> 
> Hi Martin,
> 
> Please see my comments below.
> 
> Regards
> Alexey
> 
>> On 12 Aug 2020, at 23:27, Martin Balao <mbalao at redhat.com> wrote:
>> 
>> Hi Alexey,
>> 
>> Thanks for proposing this patch.
>> 
>> On 8/12/20 2:51 PM, Alexey Bakhtin wrote:
>>> Please find new version of the patch for TLSv1.3 regression tests:
>>> http://cr.openjdk.java.net/~abakhtin/tls1.3/8245466/8245681/webrev.v2/
>>> Git diff: http://cr.openjdk.java.net/~abakhtin/tls1.3/8245466/8245681/webrev.v2/jdk.git.diff
>>> 
>>> This patch adds TLS related tests from JDK11.07 without any modification.
>>> This patch does not include:
>>> - DTLS tests:
>>> - javax/net/ssl/DTLS
>>> - javax/net/ssl/DTLSv10
>>> - sun/security/ssl/SSLContextImpl
>>>   - CustomizedDTLSDefaultProtocols.java
>>>   - CustomizedDTLSServerDefaultProtocols.java
>>>   - DefaultDTLSEnabledProtocols.java
>> 
>> Ok.
>> 
>>> - javax/net/ssl/finalize:
>>>  This test was added as part of JDK-8169416. Not related to TLSv1.3 implementation. Test uses unsupported Reference.reachabilityFence
>> 
>> Yeah, I see the problem. Contrary to MFLN (see below), I'm not that
>> concerned about this test. I'm okay.
>> 
>>> - javax/net/ssl/HttpsURLConnection/Equals.java
>>>  This test was added as part of JDK-8055299. Not backported to JDK8 yet
>> 
>> Why?
> JDK-8055299 is not backported to JDK8u and not related to TLSv1.3 functionality.
> This fix can be backported separately
> 
>> 
>>> - MFLNTest tests:
>>> - javax/net/ssl/TLS/TLSMFLNTest.java
>>> - javax/net/ssl/TLS1/TLSMFLNTest.java
>>> - javax/net/ssl/TLS11/TLSMFLNTest.java
>>> These tests based on the SSLParameters.setMaximumPacketSize​() public API which is not  available in JDK8:
>> 
>> We've introduced the MFLN extension with the new SunJSSE engine, so
>> looks to me that these tests are important. Can you please point me to
>> this dependency? We need to figure out a way of bypassing the
>> dependency, even if we need to use non-public APIs. I'd only agree if we
>> have a strong reason -but I hope we don't-.
> 
> TLSMFLNTest tests are based on the TLSCommon/SSLEngineTestCase.java class.
> SSLEngineTestCase uses SSLParameters.setMaximumPacketSize() to change default Max Fragment Length.
> Actually, it is interesting situation. It seems MFL can be set with SSLParameters.setMaximumPacketSize() API only. This API is not available in JDK8u and MFLNExtension is not usable without this API (client sends MFLNExtension if it is not default only)
> So, we need custom API to set/get MaxPacketSize or exclude MFLNExtension functionality from the implementation.
> 
>> 
>>> - TEST.properties files for different tests. These files are not required for JDK8
>> 
>> Ok.
>> 
>> In addition to the previous, I've noticed that Step 11 adds a few files
>> not in previous SSL-related categories:
>> 
>> * test/java/security/testlibrary/CertificateBuilder.java (new)
>> * test/java/security/testlibrary/SimpleOCSPServer.java (new)
> These classes used by javax/net/ssl/Stapling and sun/security/ssl/Stapling tests
> These classes was added as part of JDK-8046321: OCSP Stapling for TLS
>> * test/lib/testlibrary/jdk/testlibrary/SimpleSSLContext.java (new)
> This class should be excluded.
> It is used by javax/net/ssl/HttpsURLConnection/Equals.java which is not added in this step, so SimpleSSLContext.java is not required
> 
>> 
>> How did you find them?
> 
> I've found these classes by running and fixing test dependency
> 
>> Seems that they are not part of 8196584 (original
>> TLS 1.3 patch). My question is not only to judge these files but also to
>> make sure that we are not missing anything.
>> 
>> Thanks,
>> Martin.-

More information about the jdk8u-dev mailing list