[11] RFR: JDK-8205111: Develop new Test to verify different key types for supported TLS protocols.

Xuelei Fan xuelei.fan at oracle.com
Tue Jun 26 14:29:31 UTC 2018


Looks fine to me.

Thanks,
Xuelei

On 6/26/2018 12:09 AM, Sibabrata Sahoo wrote:
> Hi Xuelei,
> 
> Please review the updated webrev: http://cr.openjdk.java.net/~ssahoo/8205111/webrev.01/
> 
> - Now rsa_pss_pss* uses "DHE or ECDHE_RSA" ciphers for TLSv1.2 which is working fine now.
> - Additional code added for "read/write" after re-handshake.
> 
> John,
> - PKCS12 used instead of JKS.
> - Comment section for private key updated.
> - try with resource used for socket.
> - "clientRenegoReady" variable is actually used and updated. Please check the Client section too. It is used for re-handshake completion. Yes, it is working as expected.
> - Multiple @run added to have the flexibility to change the parameter (Cipher) which are not in order (shuffled).
> 
> Thanks,
> Siba
> 
> -----Original Message-----
> From: Xuelei Fan
> Sent: Thursday, June 21, 2018 7:28 PM
> To: Sibabrata Sahoo <sibabrata.sahoo at oracle.com>; security-dev at openjdk.java.net
> Subject: Re: [11] RFR: JDK-8205111: Develop new Test to verify different key types for supported TLS protocols.
> 
> Note that rsa_pss_pss cannot work with TLS_RSA_WITH cipher suites, as this algorithm is limited to signature while TLS_RSA cipher suites need key encipherment.  In lines 135-156, you can replace the TLS_RSA cipher suite with DHE or ECDHE_RSA.
> 
> For the re-handshake part, please read/write something after the call to
> startHandshake() in each side.  Otherwise, the key-update and session resumption may not complete before socket close.
> 
> Otherwise, looks fine to me.
> 
> Thanks,
> Xuelei
> 
> On 6/20/2018 11:58 PM, Sibabrata Sahoo wrote:
>> Hi Xuelei,
>>
>> Please review the patch for,
>>
>> JBS: https://bugs.openjdk.java.net/browse/JDK-8205111
>>
>> Webrev: http://cr.openjdk.java.net/~ssahoo/8205111/webrev.00/
>>
>> Change:
>>
>> This Test file verifies all TLS protocols with the supported keytypes.
>>
>> Thanks,
>>
>> Siba
>>


