[JEP-219/JDK-8043758] Code Review Request: Datagram Transport Layer Security (DTLS)
Xuelei Fan
xuelei.fan at oracle.com
Wed May 27 12:12:04 UTC 2015
On 5/27/2015 6:46 PM, Weijun Wang wrote:
> There are several places you write
>
> // DTLS bans stream ciphers.
> if (suite.cipher.cipherType == CipherType.STREAM_CIPHER) {
> return true;
> }
>
> According to rfc6347
>
> 4.1.2.5. New Cipher Suites
>
> Upon registration, new TLS cipher suites MUST indicate whether they
> are suitable for DTLS usage and what, if any, adaptations must be
> made (see Section 7 for IANA considerations).
>
> Is it better to add a suitableForDTLS() method to CipherSuite? You can
> choose a better name.
>

At present, only stream cipher suites are not suitable for DTLS usage.
I will use the suggestion if new cipher suites are not suitable for DTLS
in the future.

> In CipherSuite.java, there are
>
> // obsoleted since protocol version
> final int obsoleted;
>
> // supported since protocol version
> final int supported;
>
> You might want to add a comment that the version must use TLS versions
> (not DTLS versions).
>

Good! I made the update as:

    // obsoleted since protocol version
    //
    // TLS version is used. If checking DTLS versions, please map to
    // TLS version firstly. See ProtocolVersion.mapToTLSProtocol().
    final int obsoleted;

    // supported since protocol version (TLS version is used)
    //
    // TLS version is used. If checking DTLS versions, please map to
    // TLS version firstly. See ProtocolVersion.mapToTLSProtocol().
    final int supported;

Thanks,
Xuelei

> --Max
>
> On 5/21/2015 9:25 AM, Xuelei Fan wrote:
>> Hi,
>>
>> Please review DTLS implementation [JEP-219/JDK-8043758]:
>>
>> webrev: http://cr.openjdk.java.net/~xuelei/8043758/webrev.latest/
>> JBS: https://bugs.openjdk.java.net/browse/JDK-8043758
>>
>> I would greatly appreciate it if you could send me feedback on or before
>> May 28, 2015.
>>
>> Thanks & Regards,
>> Xuelei Fan
>>
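
An added example (not code from this thread or from the JDK) of the two checks discussed above: rejecting stream cipher suites under DTLS, and mapping a DTLS version to its TLS base before comparing against the supported/obsoleted fields. Every class, method and suite name is hypothetical, the 0xFFFF "never obsoleted" sentinel is an assumption, and the unmapped variant shows how a raw DTLS 1.0 value (0xFEFF) wrongly passes a TLS 1.2-only suite.

```java
// Added illustration, not JDK code. All names are hypothetical. Needs Java 16+.
public class DtlsSuiteCheck {
    // Wire versions: TLS counts up from 0x0301, DTLS counts down from 0xFEFF.
    static final int TLS10 = 0x0301, TLS11 = 0x0302, TLS12 = 0x0303;
    static final int DTLS10 = 0xFEFF, DTLS12 = 0xFEFD;
    static final int NEVER = 0xFFFF; // assumed "not obsoleted" sentinel

    enum CipherType { STREAM_CIPHER, BLOCK_CIPHER, AEAD_CIPHER }

    // supported/obsoleted always hold TLS versions, as the thread requires.
    record Suite(String name, CipherType type, int supported, int obsoleted) {}

    static boolean isDtls(int v) { return (v >>> 8) == 0xFE; }

    // DTLS 1.0 is based on TLS 1.1, DTLS 1.2 on TLS 1.2.
    static int mapToTls(int version) {
        switch (version) {
            case DTLS10: return TLS11;
            case DTLS12: return TLS12;
            default:     return version; // already a TLS version
        }
    }

    // Correct check: ban stream ciphers on DTLS, then compare mapped versions.
    static boolean usable(Suite s, int negotiated) {
        if (isDtls(negotiated) && s.type() == CipherType.STREAM_CIPHER) {
            return false;
        }
        int v = mapToTls(negotiated);
        return v >= s.supported() && v < s.obsoleted();
    }

    // The mistake the new comment warns about: raw DTLS value in the compare.
    static boolean usableUnmapped(Suite s, int negotiated) {
        return negotiated >= s.supported() && negotiated < s.obsoleted();
    }

    public static void main(String[] args) {
        Suite stream = new Suite("stream", CipherType.STREAM_CIPHER, TLS10, NEVER);
        Suite aead = new Suite("aead-tls12", CipherType.AEAD_CIPHER, TLS12, NEVER);
        System.out.println("stream on TLS 1.2:   " + usable(stream, TLS12));
        System.out.println("stream on DTLS 1.2:  " + usable(stream, DTLS12));
        System.out.println("aead on DTLS 1.0:    " + usable(aead, DTLS10));
        System.out.println("aead, unmapped bug:  " + usableUnmapped(aead, DTLS10));
    }
}
```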