On Wed, 23 Apr 2025 13:07:31 GMT, Artur Barashev <abaras...@openjdk.org> wrote:

>> A lot of (existing) HttpClient tests in `test/jdk/java/net/httpclient` 
>> currently use this `SimpleSSLContext` construct to read the `testkeys` 
>> keystore that's available in the JDK repo's test directory. Moving to a 
>> dynamically created keystore instead of a keystore that's committed in the 
>> JDK repo seems reasonable. I think it would be better to do that as a 
>> separate task in future, since that would involve updating these existing 
>> tests to use this new mechanism too.
>
> Sounds good, this was just FYI.

I may be wrong, but it seems you only re-enable 3DES to test a non-TLS 1.3 
cipher suite. But you don't have to use a 3DES suite to do that, you could use 
one of the suites that are already enabled (and are still considered strong), 
like "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256".

As a general comment, I would avoid re-enabling broken or disabled algorithms 
unless you specifically have to test that algorithm for some reason.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2064329287

Reply via email to