[JDK 8] Code review request 7188657, There should be a way to reorder the JSSE ciphers
Weijun Wang
weijun.wang at oracle.com
Wed Sep 4 02:35:03 UTC 2013
Mostly good, only some word/style issues.
SSLParameters.java:
83 * server name matchers are set to <code>null</code>, cipher
suites
84 * preference, wantClientAuth and needClientAuth are set to
85 * <code>false</code>.
Why not just use "preferLocalCipherSuites" instead of "cipher suites
preference"? Yes it looks ugly to refer to a variable name, but you've
already used "wantClientAuth". Or, at least use "useCipherSuitesOrder"
because that's used in the public method names.
Handshaker.java:
148 // Whether local cipher suites preference in server side should be
149 // honored during handshaking?
150 boolean preferLocalCipherSuites = false;
Since you apply the flag to both server and client, how about adding
something like "(it's always honored in client side)".
550 boolean isNegotiable(CipherSuite s) {
You might need to update the doc for this method saying "within the
current active cipher suites". You can even let it call the new
isNegotiable(*,*) method.
UseCipherSuitesOrder.java:
2 * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All
rights reserved.
Should be "2001, 2013".
157 // client enabled cipher suites
158 private static String[] CliEnabledCipherSuites;
159
160 // server enabled cipher suites
161 private static String[] SrvEnabledCipherSuites;
It looks weird for a variable to starts with a capital letter.
Thanks
Max
On 8/28/13 5:02 PM, Xuelei Fan wrote:
> Hi,
>
> Please review this update to support cipher suites reorder:
>
> webrev: http://cr.openjdk.java.net/~xuelei/7188657/webrev.00/
>
> Two new methods are added to SSLParameters:
> public final void setUseCipherSuitesOrder(boolean honorOrder);
> public final boolean getUseCipherSuitesOrder();
>
> If SSLParameters.getUseCipherSuitesOrder() return true, the local cipher
> suites order returned in SSLParameters.getCipherSuites() should be
> honored during SSL/TLS handshaking.
>
> Considering the potential compatibility issues of third party's
> implementation, I won't define the behaviors if
> SSLParameters.getUseCipherSuitesOrder() return false. For Oracle
> provider, SunJSSE, if getUseCipherSuitesOrder() returns false, the order
> of SSLParameters.getCipherSuites() is honored in client side, and the
> order of the requested cipher suites in client handshake message is
> honored in server side.
>
> Thanks,
> Xuelei
>
More information about the security-dev
mailing list