RFR 8223482: Unsupported ciphersuites may be offered by a TLS client
Martin Balao
mbalao at redhat.com
Mon May 27 21:00:13 UTC 2019
Hi Xuelei,
Thanks to you for raising these concerns and providing your feedback.
On 5/24/19 7:47 PM, Xuelei Fan wrote:
> Good, I have no further comment for this update. Please go ahead.
>
> I think there is a possible improvement by calling
> Cipher.getInstance(algorithm) only one time for each transformation
> algorithm. But may not worthy as the duplicated transformation
> algorithm number is still small. I'm fine if you want to leave it as it
> is.
Yes, I agree on both statements: there can be an improvement there but
it won't be significant. Here it's Webrev.02:
* http://cr.openjdk.java.net/~mbalao/webrevs/8223482/8223482.webrev.02/
At Webrev.02, Cipher.getInstance results are cached so we don't need to
create instances unnecessary.
Benchmarks do not show any significant performance increase nor decrease
compared to Webrev.01:
Benchmark (testMode) Mode Cnt
Score Error Units
SupportedCiphersuites.test_TLS12Communication FIPS thrpt 10
167.393 ± 35.659 ops/s
SupportedCiphersuites.test_TLS12Communication NON_FIPS thrpt 10
593.441 ± 110.044 ops/s
FIPS_with_8223482_webrev02.txt average: 396.86
NON_FIPS_with_8223482_webrev02.txt average: 888.05
Are you okay to go with Webrev.02?
Kind regards,
Martin.-
More information about the security-dev
mailing list