[11] RFR: JDK-8205111: Develop new Test to verify different key types for supported TLS protocols.
Sibabrata Sahoo
sibabrata.sahoo at oracle.com
Tue Jun 26 07:09:33 UTC 2018
Hi Xuelei,
Please review the updated webrev: http://cr.openjdk.java.net/~ssahoo/8205111/webrev.01/
- Now rsa_pss_pss* uses " DHE or ECDHE_RSA " ciphers for TLSv1.2 which is working fine now.
- Additional code added for " read/write " after re-handshake.
John,
- PKCS12 used instead of JKS.
- Comment section for private key updated.
- try with resource used for socket.
- "clientRenegoReady" variable is actually used and updated. Please check the Client section too. It is used for re-handshake completion. Yes it Is working as expected.
- Multiple @run added to have the flexibility to change the parameter(Cipher) which are not in order(shuffled).
Thanks,
Siba
-----Original Message-----
From: Xuelei Fan
Sent: Thursday, June 21, 2018 7:28 PM
To: Sibabrata Sahoo <sibabrata.sahoo at oracle.com>; security-dev at openjdk.java.net
Subject: Re: [11] RFR: JDK-8205111: Develop new Test to verify different key types for supported TLS protocols.
Note that rsa_pss_pss cannot work with TLS_RSA_WITH cipher suites, as this algorithm is limited to signature whiel TLS_RSA cipher suites need key encipherment. In lines 135-156, you can replace the TLS_RSA cipher suite with DHE or ECDHE_RSA.
For the re-handshake part, please read/write something after the call to
startHandshake() in each side. Otherwise, the key-update and session resumption may not complete before socket close.
Otherwise, looks fine to me.
Thanks,
Xuelei
On 6/20/2018 11:58 PM, Sibabrata Sahoo wrote:
> Hi Xuelei,
>
> Please review the patch for,
>
> JBS: https://bugs.openjdk.java.net/browse/JDK-8205111
>
> Webrev: http://cr.openjdk.java.net/~ssahoo/8205111/webrev.00/
>
> Change:
>
> This Test file verifies all TLS protocols with the supported keytypes.
>
> Thanks,
>
> Siba
>
More information about the security-dev
mailing list