On 8038089: TLS optional support for Kerberos cipher suites needs to be re-examine

Alan Bateman Alan.Bateman at oracle.com
Tue Jul 22 03:50:53 UTC 2014


On 22/07/2014 02:09, Wang Weijun wrote:
> :
>
> It's meant to be a general solution, and that's why I added a support() method. That said, we have no idea what a non-KRB5 not-certificate-based cipher suite would look like.
>
> As for Krb5Helper, it's only used by KRB5 cipher suites. I don't want to modify too much SSL code where the helper class is called like
>
>    case KRB5: Krb5Helper.doXXX(); break;
>
> Ideally, it should be something like:
>
>    case RSA: bla-bla-bla(); break;
>    default: getHelper(ciphersuite).doXXX(); break;
>
> We will do this if we have more provider(s) later.
Okay, so it's a general interface but the only pluggability is KRB5 ciphers.


> :
>> The profiles build currently uses a simple dependency checker to ensure that there aren't any dependencies in a compact N build on something that is in a larger profile or the JRE. It allows a few exceptions, due to the need to keep jsse.jar and these are maintained in jdk/make/data/checkdeps/refs.allowed. I think this file will need to be updated to drop references to classes that no longer exist.
> I didn't know that file. Now only one line left there.
If it's the LogManager line then they can be removed too as it was 
missed by an early change in JDK 9 where that dependency was removed.

-Alan


