RFR: 8366364: Address inconsistencies in SSLParameters object returned by SSLConfiguration#getSSLParameters() call [v3]
Sean Mullan
mullan at openjdk.org
Tue Oct 28 21:27:41 UTC 2025
On Tue, 28 Oct 2025 21:13:02 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> test/jdk/sun/security/ssl/CipherSuite/RestrictNamedGroup.java line 101:
>>
>>> 99: runAndCheckException(() -> new RestrictNamedGroup().run(),
>>> 100: ex -> assertTrue(ex instanceof NoClassDefFoundError
>>> 101: || ex instanceof ExceptionInInitializerError));
>>
>> I don't understand this change, can you help me understand this better? Why would these exceptions be thrown now?
>
> We do `NamedGroup` constraints check in `NamedGroup.SupportedGroups` now, so the test fails during `SSLConfiguration` object construction and not during TLS handshake as before. One exception is thrown with TLSv1.2 and another with TLSv1.3.
Hmm, I still need more info. Is this a behavior or specification change? Does a standard JSSE API now throw these exceptions instead of `SSLException`?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27961#discussion_r2471083500
More information about the security-dev
mailing list