Code review request, JDK-6956398, make ephemeral DH key match the length of the certificate key

Weijun Wang weijun.wang at oracle.com
Wed Sep 25 08:44:26 UTC 2013


Please also update the CCC.

On 9/24/13 6:42 PM, Xuelei Fan wrote:
> new webrev: http://cr.openjdk.java.net/~xuelei/6956398/webrev.01/

ServerHandshaker.java:

1298: Should be "system property not defined".

1311: customize

1319: Read below

Overall, I think the comment is too long. :)

...

>> Why not throw an error when it's an illegal value?
> If it is an invalid integer (an integer between 1024 and 2048),
> IllegalArgumentException is thrown.

...

>> I think you can say something
>> like "Due to the limitation of underlying JCE providers, the actual
>> keysize of the ephemeral DH key generated could be smaller. The maximum
>> keysize for JDK 8 is 2048".
> Cool!

The two quotes above conflict with each other.

When I said "actual" I meant if a user sets the property value to 4096, 
the system might actually use 2048. If you want to throw an exception, 
your original words are better.

Thanks
Max


