RFR: 8366364: Address inconsistencies in SSLParameters object returned by SSLConfiguration#getSSLParameters() call [v3]
Artur Barashev
abarashev at openjdk.org
Tue Oct 28 22:34:07 UTC 2025
On Tue, 28 Oct 2025 21:25:14 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> We do `NamedGroup` constraints check in `NamedGroup.SupportedGroups` now, so the test fails during `SSLConfiguration` object construction and not during TLS handshake as before. One exception is thrown with TLSv1.2 and another with TLSv1.3.
>
> Hmm, I still need more info. Is this a behavior or specification change? Does a standard JSSE API now throw these exceptions instead of `SSLException`?
Correction: `ExceptionInInitializerError` is thrown on the first test iteration and `NoClassDefFoundError` is thrown on the subsequent iterations because the test runs all iterations in the same VM. The exception cause is [still the same](https://github.com/openjdk/jdk/blob/73f93920b950b4ce5fa177db50010e95265d6a7f/src/java.base/share/classes/sun/security/ssl/NamedGroup.java#L780), we would throw the same exception if the named group were unavailable instead of being algorithm-constrained.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27961#discussion_r2471233800
More information about the security-dev
mailing list