RFR: JDK-8166596: TLS support for the EdDSA signature algorithm

Jamil Nimeh jnimeh at openjdk.java.net
Tue Nov 17 19:47:05 UTC 2020


On Tue, 17 Nov 2020 18:29:13 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> Hello all,
>> This change brings in support for certificates with EdDSA keys (both Ed25519 and Ed448) allowing those signature algorithms to be used both on the certificates themselves and used during the handshaking process for messages like CertificateVerify, ServerKeyExchange and so forth.
>
> test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java line 81:
> 
>> 79:     static final String DEF_ALL_EE = "EE_ECDSA_SECP256R1:EE_ECDSA_SECP384R1:" +
>> 80:             "EE_ECDSA_SECP521R1:EE_RSA_2048:EE_EC_RSA_SECP256R1:" +
>> 81:             "EE_DSA_2048:EE_DSA_1024:EE_ED25519:EE_ED448";
> 
> Why not use an enum, array or collection directly? That is easy to read, I think.

I don't think there's any reason why we could use a Collection<SSLSocketTemplate.Cert> for these.  I'll try switching to that.

> test/jdk/javax/net/ssl/TLSCommon/TLSWithEdDSA.java line 592:
> 
>> 590:     }
>> 591: 
>> 592:     private static void keyManagerTests(String keyStoreSpec, String keyType,
> 
> A Java method name is normally an action. What do you think about updating it to testKeyManager()?

Sure, easy enough to do.

-------------

PR: https://git.openjdk.java.net/jdk/pull/1197


