Code Review Request: TLS 1.3 full handshake (JDK-8196584)
Xuelei Fan
xuelei.fan at oracle.com
Tue Feb 20 19:57:20 UTC 2018
Hi,
I'd like to invite you to review the TLS 1.3 full handshake
implementation. I appreciate it if I could have feedback before March
9, 2018.
In the "JDK-8185576: New handshake implementation" [1] code review
around, I was trying to re-org the TLS handshaking implementation in the
SunJSSE provider. If you had reviewed that part, you can start from the
following webrev that based on the update of JDK-8185576:
http://cr.openjdk.java.net/~xuelei/8196584/webrev-step.00
If you would like start from earlier, here is the webrev that contains
the handshaking implementation re-org in JDK-8185576:
http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00
This changeset only implements the full handshake of TLS 1.3, rather
then a fully implementation of the latest TLS 1.3 draft [2].
In this implementation, I removed:
1. the KRB5 cipher suite implementation.
Please let me know if you are still using KRB5 cipher suite. I may not
add them back if no objections.
2. OCSP stapling.
This feature will be added back later.
Resumption and key update, and more features may be added later.
Thanks & Regards,
Xuelei
[1]:
http://mail.openjdk.java.net/pipermail/security-dev/2017-December/016642.html
[2]: https://tools.ietf.org/html/draft-ietf-tls-tls13-24
More information about the security-dev
mailing list