Code Review Request: TLS 1.3 Implementation
Xuelei Fan
xuelei.fan at oracle.com
Fri Jun 15 17:00:14 UTC 2018
On 6/15/2018 9:27 AM, Anthony Scarpino wrote:
> On 06/15/2018 06:53 AM, Xuelei Fan wrote:
>> SSLCipher.java
>> --------------
>> In the implementation, the key usage impacts the write side only. I
>> think the read side should also limit the key usage.
>
> I remember it being discussed many many months ago we at first planned
> to do the read side, but then decided it was not necessary. Are we
> changing the decision?
>
It is a little bit tricky that the key and iv update triggers the write
side key/iv update only. If the peer does not implement the key usage
limit, and the local read a large bunch of data, there is a risk to
exceed the key usage limit. It might worthy an improvement by adding
the read side key usage limit later.
>>
>> The crypto limit issues applies to TLS 1.2 and prior versions as well.
>
> I know we talked about doing this but I believe we decided against doing
> this because in prior versions can ignore HelloRequest and other
> complications that could cause sessions to be disconnected. I think it
> was also a nice to have but 1.3 was more important, prior version could
> be done later.
>
Yes, we can do it later.
I added a track in the JBS:
https://bugs.openjdk.java.net/browse/JDK-8204636
Xuelei
>>
>> Xuelei
>>
>> On 6/8/2018 10:21 AM, Xuelei Fan wrote:
>>> Here is the 3rd full webrev:
>>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.02
>>>
>>> and the delta update to the 1st webrev:
>>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-delta.01
>>>
>>> Xuelei
>>>
>>> On 6/3/2018 9:43 PM, Xuelei Fan wrote:
>>>> Hi,
>>>>
>>>> Here it the 2nd full webrev:
>>>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.01
>>>>
>>>> and the delta update to the 1st webrev:
>>>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-delta.00/
>>>>
>>>> Xuelei
>>>>
>>>> On 5/25/2018 4:45 PM, Xuelei Fan wrote:
>>>>> Hi,
>>>>>
>>>>> I'd like to invite you to review the TLS 1.3 implementation. I
>>>>> appreciate it if I could have compatibility and specification
>>>>> feedback before May 31, 2018, and implementation feedback before
>>>>> June 7, 2018.
>>>>>
>>>>> Here is the webrev:
>>>>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00
>>>>>
>>>>> The formal TLS 1.3 specification is not finalized yet, although it
>>>>> had been approved to be a standard. The implementation is based on
>>>>> the draft version 28:
>>>>> https://tools.ietf.org/html/draft-ietf-tls-tls13-28
>>>>>
>>>>> For the overall description of this enhancement, please refer to
>>>>> JEP 332:
>>>>> http://openjdk.java.net/jeps/332
>>>>>
>>>>> For the compatibility and specification update, please refer to CSR
>>>>> 8202625:
>>>>> https://bugs.openjdk.java.net/browse/JDK-8202625
>>>>>
>>>>> Note that we are using the sandbox for the development right now.
>>>>> For more information, please refer to Bradford's previous email:
>>>>>
>>>>> http://mail.openjdk.java.net/pipermail/security-dev/2018-May/017139.html
>>>>>
>>>>>
>>>>> Thanks & Regards,
>>>>> Xuelei
>
More information about the security-dev
mailing list