RFR: 8284694: Avoid evaluating SSLAlgorithmConstraints twice [v3]
Daniel Jeliński
djelinski at openjdk.java.net
Thu Apr 14 21:05:06 UTC 2022
> During TLS handshake, hundreds of constraints are evaluated to determine which cipher suites are usable. Most of the evaluations are performed using `HandshakeContext#algorithmConstraints` object. By default that object contains a `SSLAlgorithmConstraints` instance wrapping another `SSLAlgorithmConstraints` instance. As a result the constraints defined in `SSLAlgorithmConstraints` are evaluated twice.
>
> This PR improves the default case; if the user-specified constraints are left at defaults, we use a single `SSLAlgorithmConstraints` instance, and avoid duplicate checks.
Daniel Jeliński has updated the pull request incrementally with two additional commits since the last revision:
- add more factory methods, update copyright
- return DEFAULT also when user constraints are null
-------------
Changes:
- all: https://git.openjdk.java.net/jdk/pull/8199/files
- new: https://git.openjdk.java.net/jdk/pull/8199/files/b6e46ae9..e4cc8152
Webrevs:
- full: https://webrevs.openjdk.java.net/?repo=jdk&pr=8199&range=02
- incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=8199&range=01-02
Stats: 65 lines in 6 files changed: 33 ins; 2 del; 30 mod
Patch: https://git.openjdk.java.net/jdk/pull/8199.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/8199/head:pull/8199
PR: https://git.openjdk.java.net/jdk/pull/8199
More information about the security-dev
mailing list