RFR: 8280494: (D)TLS signature schemes [v15]

Sean Mullan mullan at openjdk.java.net
Wed Feb 9 21:46:16 UTC 2022


On Wed, 9 Feb 2022 18:24:56 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> This update is to support signature schemes customization for individual (D)TLS connection.  Please review the CSR as well:
>> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495
>> RFE: https://bugs.openjdk.java.net/browse/JDK-8280494
>> Release-note: https://bugs.openjdk.java.net/browse/JDK-8281290
>
> Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Spec update

If you agree with my last couple of comments, I think the API looks good now that you can finalize the CSR. I have not really reviewed the impl code and tests previously and may not have time to do a thorough review, although I think Jamil may have done that - if he is ok with the rest of the code, then I think you can integrate once the CSR is approved. Thanks for the patience.

src/java.base/share/classes/javax/net/ssl/SSLParameters.java line 749:

> 747:      * @implNote
> 748:      * Note that the underlying provider may define the default signature
> 749:      * schemes for each SSL/TLS/DTLS connection.  Applications may also use

I think you can remove the first sentence that starts with "Note ..." as you already talk about provider-specific defaults before this. Also @implNotes are usually about the JDK implementation and not any provider. In the second sentence I would be more specific that this applies to the SunJSSE provider (see changes in italics), ex: "Applications ... system properties _with the SunJSSE provider_ to ..."

-------------

PR: https://git.openjdk.java.net/jdk/pull/7252


