[13]RFR:8224650:Add tests to support X25519 and X448 in TLS

sha.jiang at oracle.com sha.jiang at oracle.com
Fri Jun 21 08:22:42 UTC 2019 

Hi Siba,
I have some minor comments.

Now that JDK-8225766 has been fixed, I suppose this test can cover some 
ECDHE_ECDSA cipher suites.

   48     private static volatile int index;
   ...
   56             for (String c : getCiphers(protocols[index], args[0])) {
   ...
   66         String[] ps = new String[]{protocols[index]};
Could it directly use the protocol value, but not the index in the 
protocol array?
Could these cases run concurrently? Otherwise, volatile may be unnecessary.
In fact, I think both of parameters cipher and index (or directly 
protocol) would not be static.
They would be the members of class NamedGroupsWithCipherSuite, and can 
be passed to the class constructor.
Then, every case run, say "new NamedGroupsWithCipherSuite(cipher, 
protocol).run()", could not concern these TLS parameters are modified by 
others.

  123     /**
  124      * Get some TLSv1.1 supported ciphers.
  125      */
  126     private static List<String> tlsCiphers() {
  ...
  131
  132     /**
  133      * Get some TLSv1.1 supported ciphers.
  134      */
  135     private static List<String> dheCiphers() {
The above methods would have different docs.

More spaces would be needed in the array initialization statements, for 
example,
   66         String[] ps = new String[]{protocols[index]};
   71         socket.setEnabledCipherSuites(new String[]{cipher});
Of course, this point is trivial.

Best regards,
John Jiang

On 2019/6/21 14:59, Sibabrata Sahoo wrote:
>
> Hi Xuelei/Brad,
>
> Please review the patch for,
>
> JBS: https://bugs.openjdk.java.net/browse/JDK-8224650
>
> Webrev: http://cr.openjdk.java.net/~ssahoo/8224650/webrev.00/
>
> This is a small Test inherited from “SSLSocketTemplate” and reuse most 
> part of it. The only difference is, it uses supported named groups 
> along with a fixed set of ciphers supported with different TLS 
> protocols. Though there are large number of supported ciphers but I 
> have selected few to ensure the Test does not take much time to 
> complete the execution. Please let me know if you have any suggestion 
> for improvement.
>
> Thanks,
>
> Siba
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20190621/d2a99b60/attachment.htm>

More information about the security-dev mailing list