RFR: 8284694: Avoid evaluating SSLAlgorithmConstraints twice [v5]
Daniel Jeliński
djelinski at openjdk.java.net
Wed Apr 20 18:11:16 UTC 2022
> During TLS handshake, hundreds of constraints are evaluated to determine which cipher suites are usable. Most of the evaluations are performed using `HandshakeContext#algorithmConstraints` object. By default that object contains a `SSLAlgorithmConstraints` instance wrapping another `SSLAlgorithmConstraints` instance. As a result the constraints defined in `SSLAlgorithmConstraints` are evaluated twice.
>
> This PR improves the default case; if the user-specified constraints are left at defaults, we use a single `SSLAlgorithmConstraints` instance, and avoid duplicate checks.
Daniel Jeliński has updated the pull request incrementally with one additional commit since the last revision:
Reduce line length
-------------
Changes:
- all: https://git.openjdk.java.net/jdk/pull/8199/files
- new: https://git.openjdk.java.net/jdk/pull/8199/files/2a1f0a1d..1a131d9e
Webrevs:
- full: https://webrevs.openjdk.java.net/?repo=jdk&pr=8199&range=04
- incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=8199&range=03-04
Stats: 4 lines in 1 file changed: 1 ins; 0 del; 3 mod
Patch: https://git.openjdk.java.net/jdk/pull/8199.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/8199/head:pull/8199
PR: https://git.openjdk.java.net/jdk/pull/8199
More information about the security-dev
mailing list