Integrated: 8284694: Avoid evaluating SSLAlgorithmConstraints twice

Daniel Jeliński djelinski at openjdk.java.net
Wed Apr 20 18:17:44 UTC 2022


On Tue, 12 Apr 2022 11:28:12 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:

> During TLS handshake, hundreds of constraints are evaluated to determine which cipher suites are usable. Most of the evaluations are performed using `HandshakeContext#algorithmConstraints` object. By default that object contains a `SSLAlgorithmConstraints` instance wrapping another `SSLAlgorithmConstraints` instance. As a result the constraints defined in `SSLAlgorithmConstraints` are evaluated twice.
> 
> This PR improves the default case; if the user-specified constraints are left at defaults, we use a single `SSLAlgorithmConstraints` instance, and avoid duplicate checks.

This pull request has now been integrated.

Changeset: d8446b4f
Author:    Daniel Jeliński <djelinski at openjdk.org>
URL:       https://git.openjdk.java.net/jdk/commit/d8446b4f60472b11e4cdaef97288fe143cca4511
Stats:     427 lines in 7 files changed: 385 ins; 1 del; 41 mod

8284694: Avoid evaluating SSLAlgorithmConstraints twice

Reviewed-by: redestad, xuelei, coffeys

-------------

PR: https://git.openjdk.java.net/jdk/pull/8199


More information about the security-dev mailing list