RFR[15] 8238677: java/net/httpclient/ssltest/CertificateTest.java should not specify TLS version
Daniel Fuchs
daniel.fuchs at oracle.com
Fri Feb 7 11:29:13 UTC 2020
Hi John,
Looks good to me. Thanks for taking care of this!
I'm glad to see the binary files go away :-)
Would it be possible to include a comment in Cert.java that contains
the command you used to generate the certificates?
That will be a great help to future maintainers if the certificates
ever needs to be re-generated (e.g. to update the expiry date
etc...)
best regards,
-- daniel
Disclaimer: I am not an expert in ssl/security
On 07/02/2020 10:51, sha.jiang at oracle.com wrote:
> Hi,
> java/net/httpclient/ssltest/CertificateTest.java shouldn't use a
> specific TLS version.
> And it would be better not to use binary key store files.
> Since DSA is not supported by TLSv1.3, this fix also updates the
> certificates to use RSA.
>
> Webrev: http://cr.openjdk.java.net/~jjiang/8238677/webrev.00/
> Issue: https://bugs.openjdk.java.net/browse/JDK-8238677
>
> Best regards,
> John Jiang
>
More information about the security-dev
mailing list