Code Review Request: TLS 1.3 full handshake (JDK-8196584)

Valerie Peng valerie.peng at oracle.com
Mon Jun 11 18:16:29 UTC 2018


Looks good~

Valerie


On 6/8/2018 4:52 PM, Xuelei Fan wrote:
> Update: http://hg.openjdk.java.net/jdk/sandbox/rev/ad4c1c488574
>
> This update cleans the unused methods in RSASignature.java.
>
> Xuelei
>
> On 6/7/2018 5:25 PM, Xuelei Fan wrote:
>> On 6/7/2018 3:27 PM, Valerie Peng wrote:
>>> Hi Xuelei,
>>>
>>> <sun/security/ssl/RSASignature.java> There seems to be inconsistency 
>>> in whether you can override the internal md5, sha1 digest objects 
>>> through the engineSetParameter(String, Object) call.
>> I agreed.  The use of RSASignature is limited in the provider. The 
>> engineSetParameter() is not used so we don't allow the method in the 
>> implementation.
>>
>>> Assuming we no longer need to override the internal digest objects, 
>>> we can remove getInternalInstance(), setHashes(...).
>> I agreed.
>>
>>> Also, not sure how useful RSASignature.getInstance() is, as it simply 
>>> calls JsseJce.getSignature(JsseJce.SIGNATURE_SSLRSA);
>>>
>> The calls to JsseJce.getSignature() are mainly to use the specific 
>> FIPS SunJSSE.cryptoProvider.  Although FIPS is an old experimental 
>> feature, we haven't removed it from the provider yet. So you may see 
>> some unusual use of getInstance() that calls into the JsseJce impl.
>>
>> Thanks,
>> Xuelei
>>
>>> Still looking at more files, just thought that I will get this to 
>>> you first.
>>>
>>> Valerie
>>>
>>>
>>> On 2/20/2018 11:57 AM, Xuelei Fan wrote:
>>>> Hi,
>>>>
>>>> I'd like to invite you to review the TLS 1.3 full handshake 
>>>> implementation.  I appreciate it if I could have feedback before 
>>>> March 9, 2018.
>>>>
>>>> In the "JDK-8185576: New handshake implementation" [1] code review 
>>>> round, I was trying to re-org the TLS handshaking implementation 
>>>> in the
>>>> SunJSSE provider.  If you had reviewed that part, you can start 
>>>> from the following webrev that is based on the update of JDK-8185576:
>>>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-step.00
>>>>
>>>> If you would like to start from earlier, here is the webrev that 
>>>> contains the handshaking implementation re-org in JDK-8185576:
>>>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00
>>>>
>>>>
>>>> This changeset only implements the full handshake of TLS 1.3, 
>>>> rather than a full implementation of the latest TLS 1.3 draft [2].
>>>>
>>>> In this implementation, I removed:
>>>> 1. the KRB5 cipher suite implementation.
>>>> Please let me know if you are still using the KRB5 cipher suite.  I may 
>>>> not add them back if there are no objections.
>>>>
>>>> 2. OCSP stapling.
>>>> This feature will be added back later.
>>>>
>>>> Resumption and key update, and more features may be added later.
>>>>
>>>> Thanks & Regards,
>>>> Xuelei
>>>>
>>>> [1]: 
>>>> http://mail.openjdk.java.net/pipermail/security-dev/2017-December/016642.html 
>>>>
>>>> [2]: https://tools.ietf.org/html/draft-ietf-tls-tls13-24
>>>



