RFR[10] 8186057: TLS interoperability testing between different Java versions

Artem Smotrakov artem.smotrakov at oracle.com
Thu Sep 7 08:28:48 UTC 2017


In case of SNI, SSLParemeters.setServerNames() method (and others 
related to SNI) was introduced in 8. I don't think the code which use 
this method can be compiled with 6 and 7.

But if you want to test SNI with 8+, you need to call them.

https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLParameters.html#setServerNames-java.util.List-

Artem

On 09/07/2017 11:24 AM, sha.jiang at oracle.com wrote:
> Hi Artem,
>
> On 07/09/2017 16:07, Artem Smotrakov wrote:
>>>
>>>> - Please use try-with-resources if possible (files, sockets, etc)
>>> The test uses only JDK 6-supported language features, but 
>>> try-with-resources is introduced by JDK 7.
>> Here we come to another issue. I believe that it would be good to use 
>> write clients for all JDK versions. If you use the same code for all 
>> Java versions, that means that you use only JDK 6 API. Let's consider 
>> the following:
>> - we want to test 8 vs 9
>> - 8 and 9 may have some API (or just functionality) which is not 
>> supported by 6 (for example, ALPN, SNI)
>>
>> If you write code which is compatible with 6, then you can use API 
>> from newer versions, but we still may want to test it.
> In fact, the current test has already covered ALPN, though only JDK 9 
> and 10 support the associated methods, like 
> SSLParameters.getApplicationProtocols().
> ALPN-associated case combinations are ignored if a JDK doesn't support 
> this feature. Exactly, JdkUtils checks if a specific JDK build 
> contains method SSLParameters.getApplicationProtocols().
> I think the same approach could be applied for SNI in the future.
>
> Best regards,
> John Jiang
>>
>> Artem
>>>
>>> Best regards,
>>> John Jiang
>>>>
>>>> Artem
>>>>
>>>> On 09/07/2017 08:52 AM, sha.jiang at oracle.com wrote:
>>>>> Hi,
>>>>> Please review this test for checking the interop compatibility on 
>>>>> JSSE among different JDK releases (from 6 to 10).
>>>>> It covers the cases, like handshake, data exchange, client 
>>>>> authentication and APLN, on all TLS versions (if possible).
>>>>> And the selected TLS cipher suites are: 
>>>>> TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA and 
>>>>> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA.
>>>>> For more details, please look though the README.
>>>>>
>>>>> Webrev: http://cr.openjdk.java.net/~jjiang/8186057/webrev.00
>>>>> Issue: https://bugs.openjdk.java.net/browse/JDK-8186057
>>>>>
>>>>> Best regards,
>>>>> John Jiang
>>>>>
>>>>
>>>>
>>>
>>
>>
>




More information about the security-dev mailing list