RFR: 8280494: (D)TLS signature schemes [v3]
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Sat Jan 29 05:51:04 UTC 2022
On Fri, 28 Jan 2022 01:05:22 GMT, Bernd <duke at openjdk.java.net> wrote:
>> Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Enrich the APIs specification
>
> src/java.base/share/classes/sun/security/ssl/SSLConfiguration.java line 410:
>
>> 408:
>> 409: // Reset the signature schemes, if it was configured with SSLParameters.
>> 410: if (Arrays.equals(signatureSchemes,
>
> The equals here does not mean it was configured with parameters, it only means it is currently the same configuration as the parameters, but it still could be a different source?

You are right. Toggling client mode is a pretty hard method to implement to me, especially considering the impact of various SSL parameters. There is more than one method to set the parameters, which makes it hard to know what an application really wants to do. Here is a best effort I can think of, but not really an accurate implementation. Hopefully, the impact is minimal.

> src/java.base/share/classes/sun/security/ssl/SignatureScheme.java line 439:
>
>> 437: (config.signatureSchemes == null ||
>> 438: config.signatureSchemes.length == 0 ||
>> 439: Arrays.asList(config.signatureSchemes)
>
> Is that an allocation per handshake*availablesize?

Yes, it does. Would you like to use a for-loop, without new object allocation?

-------------
PR: https://git.openjdk.java.net/jdk/pull/7252