RFR: 8372526: Add support for ZLIB TLS Certificate Compression [v22]
Koushik Muthukrishnan Thirupattur
duke at openjdk.org
Fri Feb 27 03:16:24 UTC 2026
On Thu, 19 Feb 2026 15:53:18 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Implement certificate compression in TLS 1.3 using internally supported ZLIB compression algorithm. See RFC 8879 for more details:
>> https://datatracker.ietf.org/doc/html/rfc8879
>
> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>
> Bound the memory usage when decompressing CompressedCertificate
src/java.base/share/classes/sun/security/ssl/CompressedCertificate.java line 165:
> 163: byte[] compressedCertMsg;
> 164:
> 165: // Don't use cache if certificate_request_context is present.
NIT: Can we add more to this comment that explains what certMsg[0] represents and why it avoids caching?
src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java line 77:
> 75: private final ReentrantLock contextLock = new ReentrantLock();
> 76:
> 77: // Avoid compressing local certificates repeatedly for every handshake.
NIT: The existing comment explains the motivation, but can we also add a short note that this cache is per SSLContext and reasoning on the size ?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28682#discussion_r2862279488
PR Review Comment: https://git.openjdk.org/jdk/pull/28682#discussion_r2862277431
More information about the net-dev
mailing list