RFR[15] 8238677: java/net/httpclient/ssltest/CertificateTest.java should not specify TLS version

Daniel Fuchs daniel.fuchs at oracle.com
Fri Feb 7 11:29:13 UTC 2020


Hi John,

Looks good to me. Thanks for taking care of this!
I'm glad to see the binary files go away :-)

Would it be possible to include a comment in Cert.java that contains
the command you used to generate the certificates?

That will be a great help to future maintainers if the certificates
ever needs to be re-generated (e.g. to update the expiry date
etc...)

best regards,

-- daniel

Disclaimer: I am not an expert in ssl/security


On 07/02/2020 10:51, sha.jiang at oracle.com wrote:
> Hi,
> java/net/httpclient/ssltest/CertificateTest.java shouldn't use a 
> specific TLS version.
> And it would be better not to use binary key store files.
> Since DSA is not supported by TLSv1.3, this fix also updates the 
> certificates to use RSA.
> 
> Webrev: http://cr.openjdk.java.net/~jjiang/8238677/webrev.00/
> Issue: https://bugs.openjdk.java.net/browse/JDK-8238677
> 
> Best regards,
> John Jiang
> 



More information about the security-dev mailing list