RFR: 8341346: Add support for exporting TLS Keying Material [v12]
Sean Mullan
mullan at openjdk.org
Tue May 13 12:32:54 UTC 2025
On Tue, 13 May 2025 05:32:34 GMT, Bradford Wetmore <wetmore at openjdk.org> wrote:
>> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE respectively.
>>
>> CSR is underway.
>>
>> Tests include new unit tests for TLSv1-1.3. Will run tier1-2, plus the JCK API (jck:api/java_security jck:api/javax_crypto jck:api/javax_net jck:api/javax_security jck:api/org_ietf jck:api/javax_xml/crypto)
>
> Bradford Wetmore has updated the pull request incrementally with one additional commit since the last revision:
>
> Missed one review comment
src/java.base/share/classes/javax/net/ssl/ExtendedSSLSession.java line 189:
> 187: * {@code UnsupportedOperationException}.
> 188: * Classes derived from ExtendedSSLSession must implement
> 189: * this method.
That statement is too strong, even though `getStatusResponses` has that text, unfortunately. For one, existing provider implementations of this class are binary compatible if they upgrade to JDK 25 because they don't have to implement this method right away since it has a default implementation.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24976#discussion_r2086679927
More information about the net-dev
mailing list