[13]RFR:8224650:Add tests to support X25519 and X448 in TLS

Xuelei Fan xuelei.fan at oracle.com
Thu Jun 27 13:33:54 UTC 2019 

Looks good to me.

Xuelei

On 6/27/2019 1:05 AM, sha.jiang at oracle.com wrote:
> Hi,
> Because Siba has to be offline for some days, now I take over this task.
> 
> Please review this updated webrev: 
> http://cr.openjdk.java.net/~jjiang/8224650/webrev.01/
> It covers more cipher suites, and changes SSLSocketTemplate.java on 
> creating SSL context.
> Now, SSLSocketTemplate.java contains new ECDSA certificates on curves 
> secp384r1 and secp521r1.
> But these new certificates are not used by default.
> 
> Run all tests in test/jdk/javax/net/ssl and test/jdk/sun/security/ssl, 
> no failure raised.
> 
> Best regards,
> John Jiang
> 
> On 2019/6/21 16:22, sha.jiang at oracle.com wrote:
>>
>> Hi Siba,
>> I have some minor comments.
>>
>> Now that JDK-8225766 has been fixed, I suppose this test can cover 
>> some ECDHE_ECDSA cipher suites.
>>
>>   48     private static volatile int index;
>>   ...
>>   56             for (String c : getCiphers(protocols[index], args[0])) {
>>   ...
>>   66         String[] ps = new String[]{protocols[index]};
>> Could it directly use the protocol value, but not the index in the 
>> protocol array?
>> Could these cases run concurrently? Otherwise, volatile may be 
>> unnecessary.
>> In fact, I think both of parameters cipher and index (or directly 
>> protocol) would not be static.
>> They would be the members of class NamedGroupsWithCipherSuite, and can 
>> be passed to the class constructor.
>> Then, every case run, say "new NamedGroupsWithCipherSuite(cipher, 
>> protocol).run()", could not concern these TLS parameters are modified 
>> by others.
>>
>>  123     /**
>>  124      * Get some TLSv1.1 supported ciphers.
>>  125      */
>>  126     private static List<String> tlsCiphers() {
>>  ...
>>  131
>>  132     /**
>>  133      * Get some TLSv1.1 supported ciphers.
>>  134      */
>>  135     private static List<String> dheCiphers() {
>> The above methods would have different docs.
>>
>> More spaces would be needed in the array initialization statements, 
>> for example,
>>   66         String[] ps = new String[]{protocols[index]};
>>   71         socket.setEnabledCipherSuites(new String[]{cipher});
>> Of course, this point is trivial.
>>
>> Best regards,
>> John Jiang
>>
>> On 2019/6/21 14:59, Sibabrata Sahoo wrote:
>>>
>>> Hi Xuelei/Brad,
>>>
>>> Please review the patch for,
>>>
>>> JBS: https://bugs.openjdk.java.net/browse/JDK-8224650
>>>
>>> Webrev: http://cr.openjdk.java.net/~ssahoo/8224650/webrev.00/
>>>
>>> This is a small Test inherited from “SSLSocketTemplate” and reuse 
>>> most part of it. The only difference is, it uses supported named 
>>> groups along with a fixed set of ciphers supported with different TLS 
>>> protocols. Though there are large number of supported ciphers but I 
>>> have selected few to ensure the Test does not take much time to 
>>> complete the execution. Please let me know if you have any suggestion 
>>> for improvement.
>>>
>>> Thanks,
>>>
>>> Siba
>>>

More information about the security-dev mailing list