RFR: 8284694: Avoid evaluating SSLAlgorithmConstraints twice
Daniel Jeliński
djelinski at openjdk.java.net
Tue Apr 12 13:10:16 UTC 2022
During TLS handshake, hundreds of constraints are evaluated to determine which cipher suites are usable. Most of the evaluations are performed using `HandshakeContext#algorithmConstraints` object. By default that object contains a `SSLAlgorithmConstraints` instance wrapping another `SSLAlgorithmConstraints` instance. As a result the constraints defined in `SSLAlgorithmConstraints` are evaluated twice.
This PR improves the default case; if the user-specified constraints are left at defaults, we use a single `SSLAlgorithmConstraints` instance, and avoid duplicate checks.
-------------
Commit messages:
- Fix file attributes
- Fix file attributes
- Avoid wrapping default constraints
- Add handshake bench
Changes: https://git.openjdk.java.net/jdk/pull/8199/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=8199&range=00
Issue: https://bugs.openjdk.java.net/browse/JDK-8284694
Stats: 337 lines in 4 files changed: 336 ins; 0 del; 1 mod
Patch: https://git.openjdk.java.net/jdk/pull/8199.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/8199/head:pull/8199
PR: https://git.openjdk.java.net/jdk/pull/8199
More information about the security-dev
mailing list