RFR[10] 8186057: TLS interoperability testing between different Java versions

sha.jiang at oracle.com sha.jiang at oracle.com
Thu Sep 7 08:24:10 UTC 2017


Hi Artem,

On 07/09/2017 16:07, Artem Smotrakov wrote:
>>
>>> - Please use try-with-resources if possible (files, sockets, etc)
>> The test uses only JDK 6-supported language features, but 
>> try-with-resources is introduced by JDK 7.
> Here we come to another issue. I believe that it would be good to use 
> write clients for all JDK versions. If you use the same code for all 
> Java versions, that means that you use only JDK 6 API. Let's consider 
> the following:
> - we want to test 8 vs 9
> - 8 and 9 may have some API (or just functionality) which is not 
> supported by 6 (for example, ALPN, SNI)
>
> If you write code which is compatible with 6, then you can use API 
> from newer versions, but we still may want to test it.
In fact, the current test has already covered ALPN, though only JDK 9 
and 10 support the associated methods, like 
SSLParameters.getApplicationProtocols().
ALPN-associated case combinations are ignored if a JDK doesn't support 
this feature. Exactly, JdkUtils checks if a specific JDK build contains 
method SSLParameters.getApplicationProtocols().
I think the same approach could be applied for SNI in the future.

Best regards,
John Jiang
>
> Artem
>>
>> Best regards,
>> John Jiang
>>>
>>> Artem
>>>
>>> On 09/07/2017 08:52 AM, sha.jiang at oracle.com wrote:
>>>> Hi,
>>>> Please review this test for checking the interop compatibility on 
>>>> JSSE among different JDK releases (from 6 to 10).
>>>> It covers the cases, like handshake, data exchange, client 
>>>> authentication and APLN, on all TLS versions (if possible).
>>>> And the selected TLS cipher suites are: 
>>>> TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA and 
>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA.
>>>> For more details, please look though the README.
>>>>
>>>> Webrev: http://cr.openjdk.java.net/~jjiang/8186057/webrev.00
>>>> Issue: https://bugs.openjdk.java.net/browse/JDK-8186057
>>>>
>>>> Best regards,
>>>> John Jiang
>>>>
>>>
>>>
>>
>
>




More information about the security-dev mailing list