RFR[15] 8238677: java/net/httpclient/ssltest/CertificateTest.java should not specify TLS version

sha.jiang at oracle.com sha.jiang at oracle.com
Sat Feb 8 07:46:13 UTC 2020


Hi Daniel,

>>
>> Would it be possible to include a comment in Cert.java that contains
>> the command you used to generate the certificates?
>>
>> That will be a great help to future maintainers if the certificates
>> ever needs to be re-generated (e.g. to update the expiry date
>> etc...)
>
> I'll do that.
Please review this updated webrev: 
http://cr.openjdk.java.net/~jjiang/8238677/webrev.01/
The script, exactly gen-certs.sh, can be used to generate the certs.

Best regards,
John Jiang

>
> Best regards,
> John Jiang
>
>>
>> best regards,
>>
>> -- daniel
>>
>> Disclaimer: I am not an expert in ssl/security
>>
>>
>> On 07/02/2020 10:51, sha.jiang at oracle.com wrote:
>>> Hi,
>>> java/net/httpclient/ssltest/CertificateTest.java shouldn't use a 
>>> specific TLS version.
>>> And it would be better not to use binary key store files.
>>> Since DSA is not supported by TLSv1.3, this fix also updates the 
>>> certificates to use RSA.
>>>
>>> Webrev: http://cr.openjdk.java.net/~jjiang/8238677/webrev.00/
>>> Issue: https://bugs.openjdk.java.net/browse/JDK-8238677
>>>
>>> Best regards,
>>> John Jiang
>>>
>>


More information about the security-dev mailing list