RFR: 8370885: Default namedGroups values are not being filtered against algorithm constraints [v4]
Hai-May Chao
hchao at openjdk.org
Wed Jan 21 05:55:55 UTC 2026
On Thu, 15 Jan 2026 17:43:19 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/ssl/NamedGroup.java line 780:
>>
>>> 778: customizedGroups == null ?
>>> 779: null : Arrays.stream(customizedGroups)
>>> 780: .map(ng -> ng.name)
>>
>> The filtering against algorithm constraints is not being done for customizedNames. Is it to preserve user’s selection and let constraints to be applied during handshake as before? It is different from defaultNames’s. Suggest to add some comments for it.
>
> Yes, that's correct. I figured we should display the user-passed groups as-is. Adding a comment.
Update looks good.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28397#discussion_r2711070414
More information about the security-dev
mailing list