RFR: 8301379: Verify TLS_ECDH_* cipher suites cannot be negotiated [v4]
Matthew Donovan
mdonovan at openjdk.org
Thu Jun 15 12:36:00 UTC 2023
On Wed, 14 Jun 2023 13:43:37 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> I added all of the disable ciphers that are listed in DisabledAlgorithms. Let me know if this isn't what you were thinking. Thanks!
>
> Yes, this is what I was thinking. There is another test `test/jdk/javax/net/ssl/ciphersuites/DisabledAlgorithms.java` that is very similar to this test. Can you compare these two tests and consider removing that test, or combining them if there are other things that test is testing that this one isn't?
The tests look similar but are definitely testing different code paths. I didn't combine the tests because they're different enough in how they work that making them one test would be messier than having two tests. I did, however, relocate my new test to the same directory as `DisabledAlgorithms` and changed it to use the same list of disabled ciphers so when we need to add to the list, it's covered by both tests. Also, while there, I updated DisabledAlgorithms to use the SSL test template classes instead of the binary {key,trust}store files.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/14316#discussion_r1230941148
More information about the security-dev
mailing list