RFR: 8370885: Default namedGroups values are not being filtered against algorithm constraints [v4]
Artur Barashev
abarashev at openjdk.org
Thu Jan 15 17:40:44 UTC 2026
On Thu, 15 Jan 2026 10:22:58 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> Artur Barashev has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains five commits:
>>
>> - Merge branch 'master' into JDK-8370885
>>
>> # Conflicts:
>> # src/java.base/share/classes/sun/security/ssl/NamedGroup.java
>> - Update copyright year
>> - Merge branch 'master' into JDK-8370885
>> - Merge branch 'master' into JDK-8370885
>>
>> # Conflicts:
>> # src/java.base/share/classes/sun/security/ssl/NamedGroup.java
>> - 8370885: Default namedGroups values are not being filtered against algorithm constraints
>
> src/java.base/share/classes/sun/security/ssl/NamedGroup.java line 799:
>
>> 797: // Avoid the group lookup for default and customized groups.
>> 798: static NamedGroup[] getGroupsFromConfig(SSLConfiguration sslConfig) {
>> 799: if (sslConfig.namedGroups == defaultNames) {
>
> Nit: getGroupsFromConfig() can choose from pre-initialized defaultGroups, customizedGroups, or sslConfig.namedGroups. Its name sounds like it reads something directly from SSLConfiguration.
The meaning is that we are getting groups from the config being passed as a parameter, so I think the naming of this method looks fine. We just avoid needless group names lookup for defaultGroups and customizedGroups.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28397#discussion_r2695341640
More information about the security-dev
mailing list