Code Review Request: TLS 1.3 Implementation

Jamil Nimeh jamil.j.nimeh at oracle.com
Fri Jun 1 14:12:02 UTC 2018



On 6/1/2018 7:11 AM, Xuelei Fan wrote:
> > http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00
>
> CookieExtension.java
> HelloRequest.java
> HelloVerifyRequest.java
> --------------------
> Looks fine to me.
>
> HKDF.java
> ---------
> 46 class HKDF {
>
> Use "final class"?
JJN: Yes, I don't see us needing to derive child classes from this.
>
> - 65  hmacObj = Mac.getInstance(hmacAlg);
> + 65  hmacObj = JsseJce.getMac(hmacAlg);
> In case a specific crypto provider is customized.
>
> 200     SecretKey extractExpand(...
> 226     SecretKey extractExpand(SecretKey inputKey, ...
> These two methods are not used.  I may suggest remove them for now.  
> We can add them back if necessary in the future.
JJN: Yes to both of your suggested changes...they both sound fine.
>
>
> Xuelei
>
>
> On 5/25/2018 4:45 PM, Xuelei Fan wrote:
>> Hi,
>>
>> I'd like to invite you to review the TLS 1.3 implementation.  I 
>> appreciate it if I could have compatibility and specification 
>> feedback before May 31, 2018, and implementation feedback before June 
>> 7, 2018.
>>
>> Here is the webrev:
>>      http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00
>>
>> The formal TLS 1.3 specification is not finalized yet, although it 
>> had been approved to be a standard.  The implementation is based on 
>> the draft version 28:
>>      https://tools.ietf.org/html/draft-ietf-tls-tls13-28
>>
>> For the overall description of this enhancement, please refer to JEP 
>> 332:
>>      http://openjdk.java.net/jeps/332
>>
>> For the compatibility and specification update, please refer to CSR 
>> 8202625:
>>      https://bugs.openjdk.java.net/browse/JDK-8202625
>>
>> Note that we are using the sandbox for the development right now.  
>> For more information, please refer to Bradford's previous email:
>>
>> http://mail.openjdk.java.net/pipermail/security-dev/2018-May/017139.html
>>
>> Thanks & Regards,
>> Xuelei



More information about the security-dev mailing list