RFR 8223482: Unsupported ciphersuites may be offered by a TLS client
Martin Balao
mbalao at redhat.com
Fri May 24 20:53:53 UTC 2019
Hi Xuelei,
On 5/24/19 5:17 PM, Xuelei Fan wrote:
> If I understand correctly, you run the test with the patch of webrev01?
> http://cr.openjdk.java.net/~mbalao/webrevs/8223482/8223482.webrev.01/
>
Yes, this is correct.
>
>> FIPS_without_8223482_webrev01.txt average: 358.42 ms
>> NON_FIPS_without_8223482_webrev01.txt average: 771.34 ms
>>
> If I understand correctly, you run the test with the pacth of webrev00?
> http://cr.openjdk.java.net/~mbalao/webrevs/8223482/8223482.webrev.00/
No, this is not correct. "without_8223482" means no patch at all, just
the base line JDK (at revision fb0cfce19262, 2019-05-23).
In my opinion, it makes no sense to continue measuring Webrev.00 because
it has a considerable impact as shown by previous benchmarks.
>
> From the above numbers, the FIPS_with_8223482_webrev01 is better than
> FIPS_without_8223482_webrev01, but NON_FIPS_with_8223482_webrev01 is
> worse than NON_FIPS_without_8223482_webrev01. It is a little bit
> strange to me.
Yes, looks strange that FIPS with patch is better than without patch.
However, we need to consider that the difference is not a big one and
the margin of error we have. If you ask me, I'd say they are roughly the
same.
>
> Did you have the numbers for the latest JDK build, without any patch?
As I said, "without" means the latest JDK without any patch.
Kind regards,
Martin.-
More information about the security-dev
mailing list