Code Review Request: TLS 1.3 full handshake (JDK-8196584)
Anthony Scarpino
anthony.scarpino at oracle.com
Thu Jun 7 23:03:00 UTC 2018
Xuelei,
I'll push updates if you're are ok with the changes.
Tony
---
ServerHandshakeContext.java
ServerHello.java
- spelling nits only
HandshakeContext.java
- Could getActiveCipherSuites() compile a list of cipher suites once per
ProtocolVersion instead doing it for each instance of ServerHello? The
lists could then be cache for performance. I believe all the checks,
like constraints or availability, are decided at startup. This is
something that can be address at a later date.
122: preferableSignatureAlgorithm is never used.
233: Throwing IOException is not needed.
503: isNegotiable(byte majorVersion, byte minorVersion) not used
TransportContext.java
85: baseWriteSecret, baseReadSecret never used
476: closeInbound() does not need to throw SSLException
Removing below commented out code in passiveInboundClose()
515 // For TLS 1.3, output closure is independent from input closure.
516 // if (isNegotiated && protocolVersion.useTLS13PlusSpec()) {
517 // return;
518 // }
Removing below commented out code in initiateOutboundClose()
582 // For TLS 1.3, output closure is independent from input closure.
583 //
584 // if (isNegotiated && protocolVersion.useTLS13PlusSpec()) {
585 // return;
586 // }
Removing below commented out code in finishHandshake()
644 // inputRecord and outputRecord shares the same handshakeHash
645 // inputRecord.handshakeHash.finish();
More information about the security-dev
mailing list