RFR[15] 8238677: java/net/httpclient/ssltest/CertificateTest.java should not specify TLS version

sha.jiang at oracle.com sha.jiang at oracle.com
Fri Feb 7 12:18:19 UTC 2020


Hi Daniel,

On 2020/2/7 19:29, Daniel Fuchs wrote:
> Hi John,
>
> Looks good to me. Thanks for taking care of this!
> I'm glad to see the binary files go away :-)
Thanks for your review!

>
> Would it be possible to include a comment in Cert.java that contains
> the command you used to generate the certificates?
>
> That will be a great help to future maintainers if the certificates
> ever needs to be re-generated (e.g. to update the expiry date
> etc...)

I'll do that.

Best regards,
John Jiang

>
> best regards,
>
> -- daniel
>
> Disclaimer: I am not an expert in ssl/security
>
>
> On 07/02/2020 10:51, sha.jiang at oracle.com wrote:
>> Hi,
>> java/net/httpclient/ssltest/CertificateTest.java shouldn't use a 
>> specific TLS version.
>> And it would be better not to use binary key store files.
>> Since DSA is not supported by TLSv1.3, this fix also updates the 
>> certificates to use RSA.
>>
>> Webrev: http://cr.openjdk.java.net/~jjiang/8238677/webrev.00/
>> Issue: https://bugs.openjdk.java.net/browse/JDK-8238677
>>
>> Best regards,
>> John Jiang
>>
>


More information about the security-dev mailing list