RFR: 8341964: Add mechanism to disable different parts of TLS cipher suite [v11]
Artur Barashev
abarashev at openjdk.org
Tue Nov 12 18:16:17 UTC 2024
On Tue, 12 Nov 2024 17:46:45 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Artur Barashev has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Put the fail() within the try/catch-block, so we don't need to explictly return in the catch-block
>
> src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java line 139:
>
>> 137: super(decomposer);
>> 138: disabledAlgorithms = getAlgorithms(propertyName);
>> 139: loadDisabledPatterns();
>
> You only need to call this method if `propertyName.equals("jdk.tls.disabledAlgorithms")`
Good point, I'll add the check.
> src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java line 985:
>
>> 983:
>> 984: private void loadDisabledPatterns() {
>> 985: List<String> patternStrings = new ArrayList<>();
>
> Set the initial capacity to 4.
Will do
> src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java line 1003:
>
>> 1001:
>> 1002: // Exclude patterns from algorithm code flow.
>> 1003: patternStrings.forEach(disabledAlgorithms::remove);
>
> Did you consider calling `Set.iterator().remove()` while iterating over the `Set` instead?
Yes, I did consider it but I find the current version cleaner and easier to understand.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21841#discussion_r1838562967
PR Review Comment: https://git.openjdk.org/jdk/pull/21841#discussion_r1838563620
PR Review Comment: https://git.openjdk.org/jdk/pull/21841#discussion_r1838561653
More information about the security-dev
mailing list