Code Review Request: TLS 1.3 full handshake (JDK-8196584)
Xuelei Fan
xuelei.fan at oracle.com
Fri Jun 8 00:32:19 UTC 2018
On 6/7/2018 1:38 PM, Jamil Nimeh wrote:
> Hello there! Only nits for these two files (and possibly more based on
> a method name change), but they've been reviewed in the past so most
> issues have already been dealt with:
>
> * SSLExtension.java
> o 39: Silly nit - you could update this to say RFC 6066, since
> we're probably working to that standard these days and if there
> are any minor diffs between the two we'd probably favor the latter.
Good catch!
> o Various: More nits - we still seem to have a few "Concumer"
> methods floating around. I'll go through the code and fix those.
> o 575 - 581: Can we remove this block or do we need to hang onto it?
I may prefer to remove this block.
> * SSLExtensions.java
> o 142-144: Another commented out chunk of code. Do we need it?
> Given where it is situated (right after a continue statement) it
> looks like something that should be removed.
>
No need of it any more.
Would you mind take care of the updates?
Thanks,
Xuelei
> --Jamil
>
>
> On 02/22/2018 12:29 PM, Xuelei Fan wrote:
>> Updated to use package private HKDF implementation.
>>
>> webrev (based on JDK-8185576):
>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-step.01
>>
>> webrev (including JDK-8185576):
>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.01
>>
>> Thanks,
>> Xuelei
>>
>> On 2/20/2018 11:57 AM, Xuelei Fan wrote:
>>> Hi,
>>>
>>> I'd like to invite you to review the TLS 1.3 full handshake
>>> implementation. I appreciate it if I could have feedback before
>>> March 9, 2018.
>>>
>>> In the "JDK-8185576: New handshake implementation" [1] code review
>>> around, I was trying to re-org the TLS handshaking implementation in the
>>> SunJSSE provider. If you had reviewed that part, you can start from
>>> the following webrev that based on the update of JDK-8185576:
>>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-step.00
>>>
>>> If you would like start from earlier, here is the webrev that
>>> contains the handshaking implementation re-org in JDK-8185576:
>>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00
>>>
>>>
>>> This changeset only implements the full handshake of TLS 1.3, rather
>>> then a fully implementation of the latest TLS 1.3 draft [2].
>>>
>>> In this implementation, I removed:
>>> 1. the KRB5 cipher suite implementation.
>>> Please let me know if you are still using KRB5 cipher suite. I may
>>> not add them back if no objections.
>>>
>>> 2. OCSP stapling.
>>> This feature will be added back later.
>>>
>>> Resumption and key update, and more features may be added later.
>>>
>>> Thanks & Regards,
>>> Xuelei
>>>
>>> [1]:
>>> http://mail.openjdk.java.net/pipermail/security-dev/2017-December/016642.html
>>>
>>> [2]: https://tools.ietf.org/html/draft-ietf-tls-tls13-24
>
More information about the security-dev
mailing list