Code Review Request: TLS 1.3 Implementation
Valerie Peng
valerie.peng at oracle.com
Tue Jun 12 19:07:21 UTC 2018
I see. Maybe document what you explained for these flags would help.
Update looks good.
Thanks,
Valerie
On 6/11/2018 5:23 PM, Xuelei Fan wrote:
> Update: http://hg.openjdk.java.net/jdk/sandbox/rev/0811eaea3cd4
>
> On 6/11/2018 3:44 PM, Valerie Peng wrote:
>> Hi Xuelei,
>>
>> <sun/security/ssl/SSLConfiguration.java>
>>
>> - If no child class intended, class may be made final.
> Updated.
>
>> - line 99-101 and 120-133: delete as the comments said so?
> It is used for interop testing right now. I will remove them before
> we ship the product. It it tracked with:
> https://bugs.openjdk.java.net/browse/JDK-8204636
>
>> - I have some doubt on line 191 and 198, does
>> "noSniExtension/Matcher" means "no SNI Extension/Matcher"? If yes, it
>> seems that the condition should be
>>
>> if (serverNames.isEmpty() || noSniExtension) {
>>
> The checking is a little bit confusing. If serverNames is an empty
> list, it may indicate one of two status:
> . the server names is configured to be empty, or
> . the server name is not configured
>
> The behaviors of the two status are different, so we introduced
> another flag, 'noSniExtension', which is used together with
> serverNames.isEmpty() to identify the status.
>
> It's confusing to me as well. Looks like we can make an improvement
> here. I will think more about it.
>
>> - Essentially getEnabledExtensions(SSLHandshake, ProtocolVersion) is
>> almost same as getEnabledExtensions(SSLHandshake,
>> List<ProtocolVersion>. It looks possible to refactor the impl to
>> minimize code duplication. But this is no big deal.
>>
> Good point. Updated.
>
> Thanks,
> Xuelei
>
>> Thanks,
>> Valerie
>>
>>
>> On 5/25/2018 4:45 PM, Xuelei Fan wrote:
>>> Hi,
>>>
>>> I'd like to invite you to review the TLS 1.3 implementation. I
>>> appreciate it if I could have compatibility and specification
>>> feedback before May 31, 2018, and implementation feedback before
>>> June 7, 2018.
>>>
>>> Here is the webrev:
>>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00
>>>
>>> The formal TLS 1.3 specification is not finalized yet, although it
>>> had been approved to be a standard. The implementation is based on
>>> the draft version 28:
>>> https://tools.ietf.org/html/draft-ietf-tls-tls13-28
>>>
>>> For the overall description of this enhancement, please refer to JEP
>>> 332:
>>> http://openjdk.java.net/jeps/332
>>>
>>> For the compatibility and specification update, please refer to CSR
>>> 8202625:
>>> https://bugs.openjdk.java.net/browse/JDK-8202625
>>>
>>> Note that we are using the sandbox for the development right now.
>>> For more information, please refer to Bradford's previous email:
>>>
>>> http://mail.openjdk.java.net/pipermail/security-dev/2018-May/017139.html
>>>
>>>
>>> Thanks & Regards,
>>> Xuelei
>>
More information about the security-dev
mailing list