RFR: 8298874: Update TestAllSuites.java for TLS v1.2 and 1.3
Matthew Donovan
duke at openjdk.org
Fri Jan 27 01:34:18 UTC 2023
On Thu, 26 Jan 2023 18:33:38 GMT, Rajan Halade <rhalade at openjdk.org> wrote:
>> * updated test for new TLS protocols and ciphersuites
>> * code cleanup
>
> test/jdk/javax/net/ssl/SSLEngine/TestAllSuites.java line 333:
>
>> 331:
>> 332: enum SupportedCipherSuites {
>> 333: TLSv11("TLSv1.1", new String []{
>
> Instead of this can we not continue with old approach of using `SSLEngine.getSupportedCipherSuites` and ignore not applicable suites?
The test verifies the handshake negotiation for each ciphersuite/protocol combination. The `getSupportedCipherSuites()` and `getEnabledCipherSuites()` are independent of the enabled protocols. In other words, if you called `engine.setEnabledProtocols(new String[]{"TLSv1.2"})`, the output of `engine.getEnabledCipherSuites()` would still include TLSv1.3 ciphers.
So trying to run the tests by looping over the output of those methods isn't going to work. Instead of having this hard-coded set of things, I could run the test with each protocol and one or two cipher suites. How does that sound?
-------------
PR: https://git.openjdk.org/jdk/pull/11780
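
The behaviour described in this message, shown as an added example (not part of the original email or of the OpenJDK test): restricting an `SSLEngine` to TLSv1.2 leaves the enabled cipher suite list untouched, so a test or a configuration audit has to pair suites with protocols itself. The class name and the `isTls13Suite` and `suitesFor` helpers are hypothetical, and classifying suites by name is an assumption based on the TLS 1.3 naming scheme.

```java
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class EnabledSuitesVsProtocols {

    // Assumption: TLS 1.3 suite names have no "_WITH_" part
    // (e.g. TLS_AES_128_GCM_SHA256); "_SCSV" entries are signalling values.
    static boolean isTls13Suite(String name) {
        return !name.contains("_WITH_") && !name.endsWith("_SCSV");
    }

    // Enabled suites belonging to one protocol family (TLS 1.3 or earlier).
    static List<String> suitesFor(SSLEngine engine, boolean tls13) {
        return Arrays.stream(engine.getEnabledCipherSuites())
                .filter(s -> !s.endsWith("_SCSV"))
                .filter(s -> isTls13Suite(s) == tls13)
                .collect(Collectors.toList());
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        String[] before = engine.getEnabledCipherSuites();

        // Restrict the engine to TLS 1.2 only.
        engine.setEnabledProtocols(new String[] {"TLSv1.2"});
        String[] after = engine.getEnabledCipherSuites();

        System.out.println("protocols: "
                + Arrays.toString(engine.getEnabledProtocols()));
        // The protocol restriction does not filter the suite list.
        System.out.println("suite list unchanged: "
                + Arrays.equals(before, after));
        System.out.println("TLS 1.3 suites still listed: "
                + suitesFor(engine, true));

        // Looping over these, not over the raw list, keeps each
        // protocol paired with suites of the matching family.
        System.out.println("pre-TLS 1.3 suites (candidates for TLSv1.2): "
                + suitesFor(engine, false).size());
    }
}
```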