RFR: 8341964: Add mechanism to disable different parts of TLS cipher suite [v6]
Artur Barashev
abarashev at openjdk.org
Fri Nov 8 21:26:44 UTC 2024
On Fri, 8 Nov 2024 20:34:30 GMT, Lothar Kimmeringer <duke at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Ignore all regex characters but asterisk. Update test patterns.
>
> test/jdk/sun/security/ssl/CipherSuite/AbstractDisableCipherSuites.java line 81:
>
>> 79: return true;
>> 80: }
>> 81: }
>
> Not only check if there are disabled ciphers in the result but also check if there are any ciphers in the result. Otherwise an "overmotivated" filtering mechanism wipes away all ciphers undetected.

If there are no cipher suites in the result then `SSLHandshakeException` will be thrown. Please see `testEngOnlyDisabled` method.

> test/jdk/sun/security/ssl/CipherSuite/AbstractDisableCipherSuites.java line 162:
>
>> 160: return true;
>> 161: }
>> 162: }
>
> (same as above) Not only check if there are disabled ciphers in the result but also check if there are any ciphers in the result. Otherwise an "overmotivated" filtering mechanism wipes away all ciphers undetected.

Replied above.

-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21841#discussion_r1835068973
PR Review Comment: https://git.openjdk.org/jdk/pull/21841#discussion_r1835069105
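
The two checks discussed in this thread (no disabled suite survives the filter, and the filter does not empty the list), as an added illustration that is not code from the pull request or from the JDK. The class `DisabledSuiteCheck` and its methods are hypothetical, the suite list is constructed, and the matching rule assumes only what the commit note states: every regex character except the asterisk is ignored.

```java
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

public class DisabledSuiteCheck {
    // '*' is the only wildcard; every other character, regex metacharacters included, is literal.
    static Pattern toPattern(String wildcard) {
        String[] parts = wildcard.split("\\*", -1);
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < parts.length; i++) {
            if (i > 0) sb.append(".*");
            sb.append(Pattern.quote(parts[i]));
        }
        return Pattern.compile(sb.toString());
    }

    static boolean isDisabled(String suite, List<String> patterns) {
        return patterns.stream().anyMatch(p -> toPattern(p).matcher(suite).matches());
    }

    static List<String> filter(List<String> suites, List<String> patterns) {
        return suites.stream().filter(s -> !isDisabled(s, patterns)).collect(Collectors.toList());
    }

    // Both checks from the review: nothing disabled survives, and something survives.
    static void verify(List<String> remaining, List<String> patterns) {
        if (remaining.isEmpty()) {
            throw new IllegalStateException("filter removed every cipher suite");
        }
        for (String s : remaining) {
            if (isDisabled(s, patterns)) {
                throw new IllegalStateException("disabled suite still enabled: " + s);
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample list, not read from a live SSLContext.
        List<String> suites = List.of("TLS_AES_128_GCM_SHA256",
                "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_GCM_SHA384");
        List<String> narrow = List.of("TLS_RSA_*", "*_CBC_*");
        verify(filter(suites, narrow), narrow);  // narrow patterns leave a usable suite
        System.out.println(filter(suites, narrow));
        System.out.println(filter(suites, List.of("TLS.AES*")));  // '.' is matched literally
        List<String> tooBroad = List.of("TLS_*");  // an over-broad pattern trips the emptiness check
        try {
            verify(filter(suites, tooBroad), tooBroad);
        } catch (IllegalStateException e) {
            System.out.println("caught: " + e.getMessage());
        }
    }
}
```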