RFR: 8284694: Avoid evaluating SSLAlgorithmConstraints twice [v4]
Daniel Jeliński
djelinski at openjdk.java.net
Tue Apr 19 17:16:29 UTC 2022
> During TLS handshake, hundreds of constraints are evaluated to determine which cipher suites are usable. Most of the evaluations are performed using `HandshakeContext#algorithmConstraints` object. By default that object contains a `SSLAlgorithmConstraints` instance wrapping another `SSLAlgorithmConstraints` instance. As a result the constraints defined in `SSLAlgorithmConstraints` are evaluated twice.
>
> This PR improves the default case; if the user-specified constraints are left at defaults, we use a single `SSLAlgorithmConstraints` instance, and avoid duplicate checks.
Daniel Jeliński has updated the pull request incrementally with one additional commit since the last revision:
Replace remaining constructors with factory methods
-------------
Changes:
- all: https://git.openjdk.java.net/jdk/pull/8199/files
- new: https://git.openjdk.java.net/jdk/pull/8199/files/e4cc8152..2a1f0a1d
Webrevs:
- full: https://webrevs.openjdk.java.net/?repo=jdk&pr=8199&range=03
- incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=8199&range=02-03
Stats: 58 lines in 4 files changed: 21 ins; 14 del; 23 mod
Patch: https://git.openjdk.java.net/jdk/pull/8199.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/8199/head:pull/8199
PR: https://git.openjdk.java.net/jdk/pull/8199
More information about the security-dev
mailing list