SSLContextImpl.java (was Re: Code Review Request: TLS 1.3 Implementation)
Xuelei Fan
xuelei.fan at oracle.com
Mon Jun 11 15:17:30 UTC 2018
On 6/11/2018 7:59 AM, Weijun Wang wrote:
>
>
>> On Jun 11, 2018, at 10:32 PM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>
>>> The protocols (for example, SSLParameters::getProtocols) are now from new to old, which is opposite from the previous order. Why make this change?
>
> You didn't answer this.
>
I missed this one. The update is mainly for protocol preferences.
Previously, the older protocol was presented first. Other parts of the
implementation may have to revert the order so that it can fit into the
new "supported_versions" extension, which requires preference order.

>>> 41 * Instances of this class are immutable after the context is initialized.
>>> You mean instances of child of this class? It looks like this class itself can be init() multiple times.
>> Good catch! It is used to remind the implementation of this class. Reword to:
>> Implementation note: Instances of this class and the child classes are immutable, except that the context initialization (SSLContext.init()) may reset the key, trust managers and source of secure random.
>
> Maybe we can use a separate class to manage protocol/ciphersuite, and it can be real immutable.
>
It may be something we can try. I will think about it later.
Thanks,
Xuelei
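
The ordering point in the message above, as an added example that is not part of the original e-mail or the JDK's code: the ClientHello form of the TLS 1.3 "supported_versions" extension (RFC 8446, section 4.2.1) carries its version list most-preferred first, so a newest-first protocol list can be encoded directly while an old-to-new list must be reversed first. The class name `SupportedVersionsDemo` and its `encode` method are hypothetical, and the input list is constructed.

```java
import java.io.ByteArrayOutputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added illustration; SupportedVersionsDemo and encode() are hypothetical names,
// not JDK classes or methods.
public class SupportedVersionsDemo {
    // Wire values (major, minor) of the protocol versions, per the TLS RFCs.
    private static final Map<String, Integer> WIRE = new LinkedHashMap<>();
    static {
        WIRE.put("TLSv1", 0x0301);
        WIRE.put("TLSv1.1", 0x0302);
        WIRE.put("TLSv1.2", 0x0303);
        WIRE.put("TLSv1.3", 0x0304);
    }

    // ClientHello supported_versions (extension type 43):
    // type(2) | ext_len(2) | list_len(1) | versions(2 bytes each), most preferred first.
    static byte[] encode(List<String> newestFirst) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int listLen = 2 * newestFirst.size();
        out.write(0x00); out.write(43);
        out.write((listLen + 1) >> 8); out.write((listLen + 1) & 0xff);
        out.write(listLen);
        for (String name : newestFirst) {
            Integer v = WIRE.get(name);
            if (v == null) throw new IllegalArgumentException("unknown protocol: " + name);
            out.write(v >> 8); out.write(v & 0xff);
        }
        return out.toByteArray();
    }

    public static void main(String[] args) {
        // Constructed sample: a protocol list in the earlier old-to-new order.
        List<String> oldToNew = List.of("TLSv1.1", "TLSv1.2", "TLSv1.3");
        // The reversal every consumer needs when the list is stored old-to-new.
        List<String> newestFirst = new ArrayList<>(oldToNew);
        Collections.reverse(newestFirst);
        StringBuilder hex = new StringBuilder();
        for (byte b : encode(newestFirst)) hex.append(String.format("%02x", b & 0xff));
        System.out.println(newestFirst + " -> " + hex);
    }
}
```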