RFR: 8284694: Avoid evaluating SSLAlgorithmConstraints twice [v3]
Daniel Jeliński
djelinski at openjdk.java.net
Thu Apr 14 21:17:38 UTC 2022
On Thu, 14 Apr 2022 21:05:06 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>> During TLS handshake, hundreds of constraints are evaluated to determine which cipher suites are usable. Most of the evaluations are performed using `HandshakeContext#algorithmConstraints` object. By default that object contains a `SSLAlgorithmConstraints` instance wrapping another `SSLAlgorithmConstraints` instance. As a result the constraints defined in `SSLAlgorithmConstraints` are evaluated twice.
>>
>> This PR improves the default case; if the user-specified constraints are left at defaults, we use a single `SSLAlgorithmConstraints` instance, and avoid duplicate checks.
>
> Daniel Jeliński has updated the pull request incrementally with two additional commits since the last revision:
>
> - add more factory methods, update copyright
> - return DEFAULT also when user constraints are null
I think I addressed all the concerns raised. Could you take another look?
-------------
PR: https://git.openjdk.java.net/jdk/pull/8199
More information about the security-dev
mailing list