Code Review Request: TLS 1.3 full handshake (JDK-8196584)

Xuelei Fan at
Tue Feb 20 19:57:20 UTC 2018


I'd like to invite you to review the TLS 1.3 full handshake 
implementation.  I appreciate it if I could have feedback before March 
9, 2018.

In the "JDK-8185576: New handshake implementation" [1] code review 
around, I was trying to re-org the TLS handshaking implementation in the
SunJSSE provider.  If you had reviewed that part, you can start from the 
following webrev that based on the update of JDK-8185576:

If you would like start from earlier, here is the webrev that contains 
the handshaking implementation re-org in JDK-8185576:

This changeset only implements the full handshake of TLS 1.3, rather 
then a fully implementation of the latest TLS 1.3 draft [2].

In this implementation, I removed:
1. the KRB5 cipher suite implementation.
Please let me know if you are still using KRB5 cipher suite.  I may not 
add them back if no objections.

2. OCSP stapling.
This feature will be added back later.

Resumption and key update, and more features may be added later.

Thanks & Regards,


More information about the security-dev mailing list