RFR: 8313229: DHEKeySizing.java should be modified to use TLS versions TLSv1, TLSv1.1, TLSv1.2 [v2]

Jamil Nimeh jnimeh at openjdk.org
Thu Sep 21 17:01:45 UTC 2023


On Thu, 21 Sep 2023 13:30:07 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> test/jdk/sun/security/ssl/DHKeyExchange/DHEKeySizing.java line 35:
>> 
>>> 33:  * @library /javax/net/ssl/templates
>>> 34:  * @run main/othervm -Djdk.tls.client.enableSessionTicketExtension=false
>>> 35:  *      DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA 1645 267 TLSv1
>> 
>> Just curious why the server key exchange length went up in size by a couple bytes.  Was 1643 incorrect before this change?
>
> Good question. Part of this is a cut-and-paste error. The only change to 1645 bytes should be for line 64. The previous version of this test used TLS 1.0 for all the tests. When testing this on different protocols, I noticed the server hello for this cipher suite takes 2 extra bytes on TLSv1.2, and this was enough to cause the test to fail even with the 6 extra bytes for KEY_LEN_BIAS. - I don't know the exact reason why it takes a few extra bytes though.
> 
> I fixed this in the latest commit - only line 64 should be different now for the server hello length.

An extra two bytes for a server hello could be due to the assertion of a SH extension that was not asserted in earlier versions of the protocol or something along those lines.  Since that 1645 bytes relates to "Server Hello Series" (I assume that means the entire SH flight of messages) there could be a two-byte variance in a number of places.  The fix looks good to me.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/15846#discussion_r1333365888


More information about the security-dev mailing list