RFR: 8284694: Avoid evaluating SSLAlgorithmConstraints twice [v2]
Daniel Jeliński
djelinski at openjdk.java.net
Wed Apr 13 20:32:02 UTC 2022
> During TLS handshake, hundreds of constraints are evaluated to determine which cipher suites are usable. Most of the evaluations are performed using `HandshakeContext#algorithmConstraints` object. By default that object contains a `SSLAlgorithmConstraints` instance wrapping another `SSLAlgorithmConstraints` instance. As a result the constraints defined in `SSLAlgorithmConstraints` are evaluated twice.
>
> This PR improves the default case; if the user-specified constraints are left at defaults, we use a single `SSLAlgorithmConstraints` instance, and avoid duplicate checks.
Daniel Jeliński has updated the pull request incrementally with one additional commit since the last revision:
Avoid nesting SSLAlgorithmConstraints
-------------
Changes:
- all: https://git.openjdk.java.net/jdk/pull/8199/files
- new: https://git.openjdk.java.net/jdk/pull/8199/files/9bcd0b66..b6e46ae9
Webrevs:
- full: https://webrevs.openjdk.java.net/?repo=jdk&pr=8199&range=01
- incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=8199&range=00-01
Stats: 14 lines in 1 file changed: 9 ins; 0 del; 5 mod
Patch: https://git.openjdk.java.net/jdk/pull/8199.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/8199/head:pull/8199
PR: https://git.openjdk.java.net/jdk/pull/8199
More information about the security-dev
mailing list