RFR: 8281236: (D)TLS key exchange named groups [v4]

Sean Mullan mullan at openjdk.org
Tue Dec 6 18:56:37 UTC 2022


On Tue, 6 Dec 2022 07:58:02 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> This update is to support key exchange named groups customization for individual (D)TLS connection. Please review the CSR as well:
>> CSR: https://bugs.openjdk.org/browse/JDK-8291950
>> RFE: https://bugs.openjdk.org/browse/JDK-8281236
>> Release-note: https://bugs.openjdk.org/browse/JDK-8291975
>> 
>> This is an effort similar to [JDK-8280494: "(D)TLS signature schemes"](https://bugs.openjdk.org/browse/JDK-8280494)
>
> Xue-Lei Andrew Fan has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains six commits:
> 
>  - check duplicate
>  - Merge
>  - Merge
>  - Merge
>  - add test cases
>  - 8281236: (D)TLS key exchange algorithms

src/java.base/share/classes/sun/security/ssl/NamedGroup.java line 454:

> 452:     }
> 453: 
> 454:     static NamedGroup getPreferredGroup(

Add a comment describing what this method does. And the method on line 471.

src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 279:

> 277:         String[] ngs = params.getNamedGroups();
> 278:         if (ngs != null) {
> 279:             // Note if 'ss' is empty, then no signature schemes should be

The comment needs to be updated for named groups. It looks like it was copied from line 272.

-------------

PR: https://git.openjdk.org/jdk/pull/9776



More information about the security-dev mailing list