<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello, comments below, minor stuff for the most part:<br>
<ul>
<li>KeyUpdate.java</li>
<ul>
<li>128-129: Spelling nit: REQUSTED --> REQUESTED</li>
<li>That change will have to get sprinkled throughout the code<br>
</li>
</ul>
<li>OutputRecord.java</li>
<ul>
<li>291-295: It seems like using an absolute put would simplify
this code a bit: Just advance the destination limit by one
like you're already doing, then
destination.put(destination.limit() - 1, contentType); Or you
can set an int variable to destination.limit() before you make
the limit one larger and then use that as the first argument
to the absolute put. Either way you don't need to move your
position marker forward and backward.</li>
<ul>
<li>I know absolute puts are not guaranteed to be implemented,
but they are used further down on line 312, 317-318 so I
think we're safe here.<br>
</li>
</ul>
</ul>
<li>SSLEngineOutputRecord.java</li>
<ul>
<li>Looks good to me</li>
</ul>
<li>SSLSocketOutputRecord.java</li>
<ul>
<li>315: REQUSTED -> REQUESTED</li>
<li>Looks okay otherwise</li>
</ul>
<li>DTLSOutputRecord</li>
<ul>
<li>68: Do we need to hang onto this for now, or can we remove
this commented out line?</li>
<li>Otherwise looks OK.</li>
</ul>
</ul>
<p>More on the way...<br>
</p>
<p>--Jamil<br>
</p>
<br>
<div class="moz-cite-prefix">On 02/22/2018 12:29 PM, Xuelei Fan
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0419f803-e67c-074c-ff02-f0d45326d3b4@oracle.com">Updated
to use package private HKDF implementation.
<br>
<br>
webrev (based on JDK-8185576):
<br>
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~xuelei/8196584/webrev-step.01">http://cr.openjdk.java.net/~xuelei/8196584/webrev-step.01</a>
<br>
<br>
webrev (including JDK-8185576):
<br>
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.01">http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.01</a>
<br>
<br>
Thanks,
<br>
Xuelei
<br>
<br>
On 2/20/2018 11:57 AM, Xuelei Fan wrote:
<br>
<blockquote type="cite">Hi,
<br>
<br>
I'd like to invite you to review the TLS 1.3 full handshake
implementation. I appreciate it if I could have feedback before
March 9, 2018.
<br>
<br>
In the "JDK-8185576: New handshake implementation" [1] code
review around, I was trying to re-org the TLS handshaking
implementation in the
<br>
SunJSSE provider. If you had reviewed that part, you can start
from the following webrev that based on the update of
JDK-8185576:
<br>
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~xuelei/8196584/webrev-step.00">http://cr.openjdk.java.net/~xuelei/8196584/webrev-step.00</a>
<br>
<br>
If you would like start from earlier, here is the webrev that
contains the handshaking implementation re-org in JDK-8185576:
<br>
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00">http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00</a>
<br>
<br>
<br>
This changeset only implements the full handshake of TLS 1.3,
rather then a fully implementation of the latest TLS 1.3 draft
[2].
<br>
<br>
In this implementation, I removed:
<br>
1. the KRB5 cipher suite implementation.
<br>
Please let me know if you are still using KRB5 cipher suite. I
may not add them back if no objections.
<br>
<br>
2. OCSP stapling.
<br>
This feature will be added back later.
<br>
<br>
Resumption and key update, and more features may be added later.
<br>
<br>
Thanks & Regards,
<br>
Xuelei
<br>
<br>
[1]:
<a class="moz-txt-link-freetext" href="http://mail.openjdk.java.net/pipermail/security-dev/2017-December/016642.html">http://mail.openjdk.java.net/pipermail/security-dev/2017-December/016642.html</a>
<br>
[2]: <a class="moz-txt-link-freetext" href="https://tools.ietf.org/html/draft-ietf-tls-tls13-24">https://tools.ietf.org/html/draft-ietf-tls-tls13-24</a>
<br>
</blockquote>
</blockquote>
<br>
</body>
</html>