Code Review Request: TLS 1.3 Implementation
Anthony Scarpino
anthony.scarpino at oracle.com
Fri Jun 15 16:27:57 UTC 2018
On 06/15/2018 06:53 AM, Xuelei Fan wrote:
> SSLCipher.java
> --------------
> In the implementation, the key usage impacts the write side only. I
> think the read side should also limit the key usage.
I remember it being discussed many many months ago we at first planned
to do the read side, but then decided it was not necessary. Are we
changing the decision?
>
> The crypto limit issues applies to TLS 1.2 and prior versions as well.
I know we talked about doing this but I believe we decided against doing
this because in prior versions can ignore HelloRequest and other
complications that could cause sessions to be disconnected. I think it
was also a nice to have but 1.3 was more important, prior version could
be done later.
>
> Xuelei
>
> On 6/8/2018 10:21 AM, Xuelei Fan wrote:
>> Here is the 3rd full webrev:
>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.02
>>
>> and the delta update to the 1st webrev:
>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-delta.01
>>
>> Xuelei
>>
>> On 6/3/2018 9:43 PM, Xuelei Fan wrote:
>>> Hi,
>>>
>>> Here it the 2nd full webrev:
>>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.01
>>>
>>> and the delta update to the 1st webrev:
>>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-delta.00/
>>>
>>> Xuelei
>>>
>>> On 5/25/2018 4:45 PM, Xuelei Fan wrote:
>>>> Hi,
>>>>
>>>> I'd like to invite you to review the TLS 1.3 implementation. I
>>>> appreciate it if I could have compatibility and specification
>>>> feedback before May 31, 2018, and implementation feedback before
>>>> June 7, 2018.
>>>>
>>>> Here is the webrev:
>>>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00
>>>>
>>>> The formal TLS 1.3 specification is not finalized yet, although it
>>>> had been approved to be a standard. The implementation is based on
>>>> the draft version 28:
>>>> https://tools.ietf.org/html/draft-ietf-tls-tls13-28
>>>>
>>>> For the overall description of this enhancement, please refer to JEP
>>>> 332:
>>>> http://openjdk.java.net/jeps/332
>>>>
>>>> For the compatibility and specification update, please refer to CSR
>>>> 8202625:
>>>> https://bugs.openjdk.java.net/browse/JDK-8202625
>>>>
>>>> Note that we are using the sandbox for the development right now.
>>>> For more information, please refer to Bradford's previous email:
>>>>
>>>> http://mail.openjdk.java.net/pipermail/security-dev/2018-May/017139.html
>>>>
>>>>
>>>> Thanks & Regards,
>>>> Xuelei
More information about the security-dev
mailing list