RFR [15] JDK-8242145, New System Properties to configure the TLS signature schemes
Jamil Nimeh
jamil.j.nimeh at oracle.com
Wed Apr 15 17:02:10 UTC 2020
Looks good!
--Jamil
On 4/15/2020 9:41 AM, Xuelei Fan wrote:
> All good catches. The webrev was updated accordingly:
> Webrev: http://cr.openjdk.java.net/~xuelei/8242145/webrev.00/
>
> Xuelei
>
> On 4/14/2020 10:03 PM, Jamil Nimeh wrote:
>> Looks pretty good, a couple questions/comments:
>>
>> * SSLConfiguration.java
>> o Line 471-473: Does the call to SignatureScheme.nameOf(String)
>> ever throw IAE? I don't see anything in the for-each loop in
>> that method that would.
>> * CustomizedClientSchemes and CustomizedServerSchemes
>> o Line 44 (both): Just a nit, but the comment looks like it was
>> lifted from a different test and should be changed to reflect
>> that your forcing a single signature scheme.
>>
>> --Jamil
>>
>> On 4/14/2020 8:42 PM, Xuelei Fan wrote:
>>> ping ...
>>>
>>> On 4/3/2020 4:13 PM, Xuelei Fan wrote:
>>>> Hi,
>>>>
>>>> Could I get the following update reviewed?
>>>>
>>>> Webrev: http://cr.openjdk.java.net/~xuelei/8242145/webrev.00/
>>>>
>>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8242141
>>>> CSR: https://bugs.openjdk.java.net/browse/JDK-8242145
>>>> Release-note: https://bugs.openjdk.java.net/browse/JDK-8242147
>>>>
>>>> A third party's TLS implementation may not be able to handle a
>>>> certain signature schemes, and cannot interop with JDK. Although
>>>> the implementation does not comply to TLS specifications, the
>>>> impact could be significant if an application that uses the
>>>> implementation is popular.
>>>>
>>>> Thanks,
>>>> Xuelei
More information about the security-dev
mailing list