RFR 8223482: Unsupported ciphersuites may be offered by a TLS client

Martin Balao mbalao at redhat.com
Fri May 24 20:53:53 UTC 2019


Hi Xuelei,

On 5/24/19 5:17 PM, Xuelei Fan wrote:
> If I understand correctly, you run the test with the patch of webrev01?
>    http://cr.openjdk.java.net/~mbalao/webrevs/8223482/8223482.webrev.01/
> 

Yes, this is correct.

> 
>> FIPS_without_8223482_webrev01.txt average: 358.42 ms
>> NON_FIPS_without_8223482_webrev01.txt average: 771.34 ms
>>
> If I understand correctly, you run the test with the pacth of webrev00?
>    http://cr.openjdk.java.net/~mbalao/webrevs/8223482/8223482.webrev.00/

No, this is not correct. "without_8223482" means no patch at all, just
the base line JDK (at revision fb0cfce19262, 2019-05-23).

In my opinion, it makes no sense to continue measuring Webrev.00 because
it has a considerable impact as shown by previous benchmarks.

> 
> From the above numbers, the FIPS_with_8223482_webrev01 is better than
> FIPS_without_8223482_webrev01, but NON_FIPS_with_8223482_webrev01 is
> worse than NON_FIPS_without_8223482_webrev01.  It is a little bit
> strange to me.

Yes, looks strange that FIPS with patch is better than without patch.
However, we need to consider that the difference is not a big one and
the margin of error we have. If you ask me, I'd say they are roughly the
same.

> 
> Did you have the numbers for the latest JDK build, without any patch?

As I said, "without" means the latest JDK without any patch.

Kind regards,
Martin.-




More information about the security-dev mailing list