RFR: 8313229: DHEKeySizing.java should be modified to use TLS versions TLSv1, TLSv1.1, TLSv1.2 [v2]
Sean Mullan
mullan at openjdk.org
Thu Sep 21 13:32:43 UTC 2023
On Wed, 20 Sep 2023 20:13:35 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:
>> Sean Mullan has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Only adjust sever hello size for TLS_DHE_RSA_WITH_AES_128_CBC_SHA with TLSv1.2.
>> Fix some typos.
>
> test/jdk/sun/security/ssl/DHKeyExchange/DHEKeySizing.java line 35:
>
>> 33: * @library /javax/net/ssl/templates
>> 34: * @run main/othervm -Djdk.tls.client.enableSessionTicketExtension=false
>> 35: * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA 1645 267 TLSv1
>
> Just curious why the server key exchange length went up in size by a couple bytes. Was 1643 incorrect before this change?
Good question. Part of this is a cut-and-paste error. The only change to 1645 bytes should be for line 64. The previous version of this test used TLS 1.0 for all the tests. When testing this on different protocols, I noticed the server hello for this cipher suite takes 2 extra bytes on TLSv1.2, and this was enough to cause the test to fail even with the 6 extra bytes for KEY_LEN_BIAS. - I don't know the exact reason why it takes a few extra bytes though.
I fixed this in the latest commit - only line 64 should be different now for the server hello length.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15846#discussion_r1333060926
More information about the security-dev
mailing list