<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hello there! Only nits for these two files (and possibly more
based on a method name change), but they've been reviewed in the
past so most issues have already been dealt with:<br>
</p>
<ul>
<li>SSLExtension.java</li>
<ul>
<li>39: Silly nit - you could update this to say RFC 6066, since
we're probably working to that standard these days and if
there are any minor diffs between the two we'd probably favor
the latter.</li>
<li>Various: More nits - we still seem to have a few "Concumer"
methods floating around. I'll go through the code and fix
those.</li>
<li>575 - 581: Can we remove this block or do we need to hang
onto it?</li>
</ul>
<li>SSLExtensions.java</li>
<ul>
<li>142-144: Another commented out chunk of code. Do we need
it? Given where it is situated (right after a continue
statement) it looks like something that should be removed.</li>
</ul>
</ul>
<p>--Jamil<br>
</p>
<br>
<div class="moz-cite-prefix">On 02/22/2018 12:29 PM, Xuelei Fan
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0419f803-e67c-074c-ff02-f0d45326d3b4@oracle.com">Updated
to use package private HKDF implementation.
<br>
<br>
webrev (based on JDK-8185576):
<br>
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~xuelei/8196584/webrev-step.01">http://cr.openjdk.java.net/~xuelei/8196584/webrev-step.01</a>
<br>
<br>
webrev (including JDK-8185576):
<br>
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.01">http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.01</a>
<br>
<br>
Thanks,
<br>
Xuelei
<br>
<br>
On 2/20/2018 11:57 AM, Xuelei Fan wrote:
<br>
<blockquote type="cite">Hi,
<br>
<br>
I'd like to invite you to review the TLS 1.3 full handshake
implementation. I appreciate it if I could have feedback before
March 9, 2018.
<br>
<br>
In the "JDK-8185576: New handshake implementation" [1] code
review around, I was trying to re-org the TLS handshaking
implementation in the
<br>
SunJSSE provider. If you had reviewed that part, you can start
from the following webrev that based on the update of
JDK-8185576:
<br>
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~xuelei/8196584/webrev-step.00">http://cr.openjdk.java.net/~xuelei/8196584/webrev-step.00</a>
<br>
<br>
If you would like start from earlier, here is the webrev that
contains the handshaking implementation re-org in JDK-8185576:
<br>
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00">http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00</a>
<br>
<br>
<br>
This changeset only implements the full handshake of TLS 1.3,
rather then a fully implementation of the latest TLS 1.3 draft
[2].
<br>
<br>
In this implementation, I removed:
<br>
1. the KRB5 cipher suite implementation.
<br>
Please let me know if you are still using KRB5 cipher suite. I
may not add them back if no objections.
<br>
<br>
2. OCSP stapling.
<br>
This feature will be added back later.
<br>
<br>
Resumption and key update, and more features may be added later.
<br>
<br>
Thanks & Regards,
<br>
Xuelei
<br>
<br>
[1]:
<a class="moz-txt-link-freetext" href="http://mail.openjdk.java.net/pipermail/security-dev/2017-December/016642.html">http://mail.openjdk.java.net/pipermail/security-dev/2017-December/016642.html</a>
<br>
[2]: <a class="moz-txt-link-freetext" href="https://tools.ietf.org/html/draft-ietf-tls-tls13-24">https://tools.ietf.org/html/draft-ietf-tls-tls13-24</a>
<br>
</blockquote>
</blockquote>
<br>
</body>
</html>