Code Review Request: TLS 1.3 full handshake (JDK-8196584)

Anthony Scarpino anthony.scarpino at oracle.com
Thu Jun 7 23:03:00 UTC 2018


Xuelei,

I'll push updates if you're are ok with the changes.

Tony
---

ServerHandshakeContext.java
ServerHello.java
- spelling nits only

HandshakeContext.java
- Could getActiveCipherSuites() compile a list of cipher suites once per 
ProtocolVersion instead doing it for each instance of ServerHello?  The 
lists could then be cache for performance.  I believe all the checks, 
like constraints or availability, are decided at startup.  This is 
something that can be address at a later date.

  122: preferableSignatureAlgorithm is never used.
  233: Throwing IOException is not needed.
  503: isNegotiable(byte majorVersion, byte minorVersion) not used

TransportContext.java
   85: baseWriteSecret, baseReadSecret never used
  476: closeInbound()  does not need to throw SSLException

  Removing below commented out code in passiveInboundClose()
  515 // For TLS 1.3, output closure is independent from input  closure.
  516 //      if (isNegotiated && protocolVersion.useTLS13PlusSpec()) {
  517 //          return;
  518 //      }

  Removing below commented out code in initiateOutboundClose()
  582 // For TLS 1.3, output closure is independent from input closure.
  583 //
  584 //      if (isNegotiated && protocolVersion.useTLS13PlusSpec()) {
  585 //          return;
  586 //      }

  Removing below commented out code in finishHandshake()
  644 // inputRecord and outputRecord shares the same handshakeHash
  645 // inputRecord.handshakeHash.finish();


More information about the security-dev mailing list