RFR: 8370885: Default namedGroups values are not being filtered against algorithm constraints [v4]
Artur Barashev
abarashev at openjdk.org
Thu Jan 15 17:51:00 UTC 2026
On Thu, 15 Jan 2026 10:19:33 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> Artur Barashev has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains five commits:
>>
>> - Merge branch 'master' into JDK-8370885
>>
>> # Conflicts:
>> # src/java.base/share/classes/sun/security/ssl/NamedGroup.java
>> - Update copyright year
>> - Merge branch 'master' into JDK-8370885
>> - Merge branch 'master' into JDK-8370885
>>
>> # Conflicts:
>> # src/java.base/share/classes/sun/security/ssl/NamedGroup.java
>> - 8370885: Default namedGroups values are not being filtered against algorithm constraints
>
> src/java.base/share/classes/sun/security/ssl/NamedGroup.java line 780:
>
>> 778: customizedGroups == null ?
>> 779: null : Arrays.stream(customizedGroups)
>> 780: .map(ng -> ng.name)
>
> The filtering against algorithm constraints is not being done for customizedNames. Is it to preserve user’s selection and let constraints to be applied during handshake as before? It is different from defaultNames’s. Suggest to add some comments for it.
Yes, that's correct. I figured we should display the user-passed groups as-is. Adding a comment.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28397#discussion_r2695360055
More information about the security-dev
mailing list