On Wed, 23 Apr 2025 13:07:31 GMT, Artur Barashev <abaras...@openjdk.org> wrote:
>> A lot of (existing) HttpClient tests in `test/jdk/java/net/httpclient`
>> currently use this `SimpleSSLContext` construct to read the `testkeys`
>> keystore that's available in the JDK repo's test directory. Moving to a
>> dynamically created keystore instead of a keystore that's committed in the
>> JDK repo seems reasonable. I think it would be better to do that as a
>> separate task in future, since that would involve updating these existing
>> tests to use this new mechanism too.
>
> Sounds good, this was just FYI.

I may be wrong, but it seems you only re-enable 3DES to test a non-TLS 1.3 cipher suite. But you don't have to use a 3DES suite to do that, you could use one of the suites that are already enabled (and are still considered strong), like "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256".

As a general comment, I would avoid re-enabling broken or disabled algorithms unless you specifically have to test that algorithm for some reason.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24751#discussion_r2064329287
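The approach suggested in the comment above, as an added example that is not code from the PR or from the JDK test suite: pin an `HttpClient` to TLS 1.2 with a suite that is already enabled by default, and fail fast instead of re-enabling anything. The class name `NonTls13SuiteExample` and its helper methods are hypothetical; the ECDSA suite assumes the test server presents an EC certificate.

```java
import java.net.http.HttpClient;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class NonTls13SuiteExample {
    // Suite named in the review comment.
    static final String PREFERRED = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";

    // JSSE names TLS 1.3 suites without a key-exchange part.
    static boolean isTls13Suite(String s) {
        return s.startsWith("TLS_AES_") || s.equals("TLS_CHACHA20_POLY1305_SHA256");
    }

    // Choose a pre-TLS 1.3 suite from those the context enables by default.
    // Nothing is re-enabled: if none qualifies, the test setup fails.
    static String pickEnabledSuite(SSLContext ctx) {
        List<String> enabled =
            Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites());
        if (enabled.contains(PREFERRED)) {
            return PREFERRED;
        }
        return enabled.stream()
            .filter(s -> !isTls13Suite(s))
            .filter(s -> !s.equals("TLS_EMPTY_RENEGOTIATION_INFO_SCSV"))
            .findFirst()
            .orElseThrow(() -> new IllegalStateException(
                "no pre-TLS 1.3 cipher suite is enabled by default"));
    }

    // Parameters that restrict the handshake to TLS 1.2 and one suite.
    static SSLParameters tls12Params(SSLContext ctx) {
        return new SSLParameters(
            new String[] { pickEnabledSuite(ctx) },
            new String[] { "TLSv1.2" });
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters params = tls12Params(ctx);
        HttpClient client = HttpClient.newBuilder()
            .sslContext(ctx)
            .sslParameters(params)
            .build();
        System.out.println("protocols: " + Arrays.toString(params.getProtocols()));
        System.out.println("suites:    " + Arrays.toString(params.getCipherSuites()));
    }
}
```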