RFR: 8284694: Avoid evaluating SSLAlgorithmConstraints twice [v5]

Daniel Jeliński djelinski at openjdk.java.net
Wed Apr 20 18:11:16 UTC 2022


> During TLS handshake, hundreds of constraints are evaluated to determine which cipher suites are usable. Most of the evaluations are performed using `HandshakeContext#algorithmConstraints` object. By default that object contains a `SSLAlgorithmConstraints` instance wrapping another `SSLAlgorithmConstraints` instance. As a result the constraints defined in `SSLAlgorithmConstraints` are evaluated twice.
> 
> This PR improves the default case; if the user-specified constraints are left at defaults, we use a single `SSLAlgorithmConstraints` instance, and avoid duplicate checks.

Daniel Jeliński has updated the pull request incrementally with one additional commit since the last revision:

  Reduce line length

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/8199/files
  - new: https://git.openjdk.java.net/jdk/pull/8199/files/2a1f0a1d..1a131d9e

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=8199&range=04
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=8199&range=03-04

  Stats: 4 lines in 1 file changed: 1 ins; 0 del; 3 mod
  Patch: https://git.openjdk.java.net/jdk/pull/8199.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/8199/head:pull/8199

PR: https://git.openjdk.java.net/jdk/pull/8199


More information about the security-dev mailing list