Code review request, JDK-6956398, make ephemeral DH key match the length of the certificate key
Xuelei Fan
xuelei.fan at oracle.com
Wed Sep 25 09:50:56 UTC 2013
Thanks for the code review. ;-) There is a overloaded comment because
this update is really complicated because of compatibilities although
the update is simple. I hope the coder reader can understand the logic
a little easier.
Xuelei
On 9/25/2013 4:44 PM, Weijun Wang wrote:
> Please also update the CCC.
>
> On 9/24/13 6:42 PM, Xuelei Fan wrote:
>> new webrev: http://cr.openjdk.java.net/~xuelei/6956398/webrev.01/
>
> ServerHandshaker.java:
>
> 1298: Should be "system property not defined".
>
> 1311: customize
>
> 1319: Read below
>
> Overall, I think the comment is too long. :)
>
> ...
>
>>> Why not throw an error when it's an illegal value?
>> If it is a invalid integer (an integer between 1024 and 2048),
>> IllegalArgumentException is thrown.
>
> ...
>
>>> I think you can say something
>>> like "Due to the limitation of underlying JCE providers, the actual
>>> keysize of the ephemeral DH key generated could be smaller. The maximum
>>> keysize for JDK 8 is 2048".
>> Cool!
>
> The two quotes above conflict with each other.
>
> When I said "actual" I meant if a user sets the property value to 4096,
> the system might actually use 2048. If you want to throw an exception,
> your original words are better.
>
> Thanks
> Max
More information about the security-dev
mailing list