[13]RFR:8224650:Add tests to support X25519 and X448 in TLS

sha.jiang at oracle.com sha.jiang at oracle.com
Thu Jun 27 08:05:10 UTC 2019


Hi,
Because Siba has to be offline for some days, I am now taking over this task.

Please review this updated webrev: 
http://cr.openjdk.java.net/~jjiang/8224650/webrev.01/
It covers more cipher suites, and changes SSLSocketTemplate.java on 
creating SSL context.
Now, SSLSocketTemplate.java contains new ECDSA certificates on curves 
secp384r1 and secp521r1.
But these new certificates are not used by default.

I ran all tests in test/jdk/javax/net/ssl and test/jdk/sun/security/ssl,
and no failures were raised.

Best regards,
John Jiang

On 2019/6/21 16:22, sha.jiang at oracle.com wrote:
>
> Hi Siba,
> I have some minor comments.
>
> Now that JDK-8225766 has been fixed, I suppose this test can cover 
> some ECDHE_ECDSA cipher suites.
>
>   48     private static volatile int index;
>   ...
>   56             for (String c : getCiphers(protocols[index], args[0])) {
>   ...
>   66         String[] ps = new String[]{protocols[index]};
> Could it directly use the protocol value, but not the index in the 
> protocol array?
> Could these cases run concurrently? Otherwise, volatile may be 
> unnecessary.
> In fact, I think both of the parameters cipher and index (or directly
> protocol) would not be static.
> They would be members of class NamedGroupsWithCipherSuite, and can
> be passed to the class constructor.
> Then, every case run, say "new NamedGroupsWithCipherSuite(cipher,
> protocol).run()", would not be concerned that these TLS parameters are
> modified by others.
>
>  123     /**
>  124      * Get some TLSv1.1 supported ciphers.
>  125      */
>  126     private static List<String> tlsCiphers() {
>  ...
>  131
>  132     /**
>  133      * Get some TLSv1.1 supported ciphers.
>  134      */
>  135     private static List<String> dheCiphers() {
> The above methods would have different docs.
>
> More spaces would be needed in the array initialization statements, 
> for example,
>   66         String[] ps = new String[]{protocols[index]};
>   71         socket.setEnabledCipherSuites(new String[]{cipher});
> Of course, this point is trivial.
>
> Best regards,
> John Jiang
>
> On 2019/6/21 14:59, Sibabrata Sahoo wrote:
>>
>> Hi Xuelei/Brad,
>>
>> Please review the patch for,
>>
>> JBS: https://bugs.openjdk.java.net/browse/JDK-8224650
>>
>> Webrev: http://cr.openjdk.java.net/~ssahoo/8224650/webrev.00/
>>
>> This is a small test inherited from “SSLSocketTemplate” that reuses
>> most of it. The only difference is that it uses supported named
>> groups along with a fixed set of ciphers supported with different TLS
>> protocols. Though there are a large number of supported ciphers, I
>> have selected a few to ensure the test does not take much time to
>> complete the execution. Please let me know if you have any suggestions
>> for improvement.
>>
>> Thanks,
>>
>> Siba
>>


More information about the security-dev mailing list