Re: JEP 332: Transport Layer Security (TLS) 1.3
On 3/30/18 12:48 PM, David Lloyd wrote: Is it possible that this could make Java 11, or is that a long shot? We cannot say that it will make JDK 11 at this time. Also, at this stage in the JEP 2.0 Process, a Candidate means that it "is merely an idea worthy of consideration by JDK Release Projects and related efforts; there is no commitment that it will be delivered in any particular release." [1] With that said, TLS 1.3 is expected to be an important security feature and we are working as hard as we can to deliver it in a timely manner. We have already sent out a preliminary code review on a redesigned handshaking implementation [2]. We should have more information on the overall status of the project over the next few weeks, so stay tuned. Thanks, Sean [1] http://cr.openjdk.java.net/~mr/jep/jep-2.0-02.html [2] http://mail.openjdk.java.net/pipermail/security-dev/2017-December/016642.html On Fri, Mar 30, 2018 at 11:36 AM, wrote: New JEP Candidate: http://openjdk.java.net/jeps/332 - Mark
Re: RFR 8190333: sun/security/ssl/X509KeyManager/PreferredKey.java failed with "Failed to get the preferable key aliases"
I think you should use a 2048-bit DSA key instead of 1024-bit. Otherwise looks fine. --Sean On 4/3/18 4:12 PM, Amanda Jiang wrote: Hi All, The changeset below updates an expired alias in keystore. Please help to review it. Bug: https://bugs.openjdk.java.net/browse/JDK-8190333 Webrev: http://cr.openjdk.java.net/~amjiang/8190333/webrev.00/ Thanks, Amanda
Re: RFR 8200468: Port the native GSS-API bridge to Windows
On 2018-04-04 10:06, Weijun Wang wrote: On Apr 4, 2018, at 3:59 PM, Magnus Ihse Bursie wrote: Hi Max, On 2018-04-04 04:19, Weijun Wang wrote: Hi All Please take a review at http://cr.openjdk.java.net/~weijun/8200468/webrev.00/ The indentation in Lib-java.security.jgss.gmk has gone wrong. The lines in the "$(eval $(call SetupJdkLibrary" stanza should still be indented four spaces. See the makefile style guide: http://openjdk.java.net/groups/build/doc/code-conventions.html So this is for "2. If a line must be broken, use four spaces for indentation". Right? Yes. 2 spaces for "logical" indentations (such as in an if statement), and 4 spaces for broken lines. Please always cc build-dev when making changes to makefiles. I'll remember it. Thanks! /Magnus Thanks Max /Magnus Like in *nix, native GSS-API bridge is turned on by setting -Dsun.security.jgss.native=true. Please note there is no default native GSS-API library on Windows and you need to supply your own, like this: java -Dsun.security.jgss.native=true -Dsun.security.jgss.lib=/path/to/gssapi64.dll App ... You can manually test the change with jtreg -Dnative.krb5.libs=j=,n=/path/to/gssapi64.dll test/jdk/sun/security/krb5/auto/BasicProc.java Thanks Max p.s. You can get a gssapi64.dll from https://web.mit.edu/KERBEROS/kfw-4.1/kfw-4.1.html.
RFR 8196540: [Testbug] java/security/AccessController/DoPrivAccompliceTest.java doesn't handle unrelated warnings
Hi All, Please review fix for following issue: JBS bug: https://bugs.openjdk.java.net/browse/JDK-8196540 webrev link: http://cr.openjdk.java.net/~bgopularam/8196540/security/webrev.00/ I have added utility method parsing the stderr output and ignore any VM warnings. Thanks, Bhanu
Re: RFR 8200468: Port the native GSS-API bridge to Windows
> On Apr 4, 2018, at 3:59 PM, Magnus Ihse Bursie > wrote: > > Hi Max, > > On 2018-04-04 04:19, Weijun Wang wrote: >> Hi All >> >> Please take a review at >> >> http://cr.openjdk.java.net/~weijun/8200468/webrev.00/ > > The indentation in Lib-java.security.jgss.gmk has gone wrong. The lines in > the "$(eval $(call SetupJdkLibrary" stanza should still be indented four > spaces. See the makefile style guide: > http://openjdk.java.net/groups/build/doc/code-conventions.html So this is for "2. If a line must be broken, use four spaces for indentation". Right? > > Please always cc build-dev when making changes to makefiles. I'll remember it. Thanks Max > > /Magnus > > > > > >> >> Like in *nix, native GSS-API bridge is turned on by setting >> -Dsun.security.jgss.native=true. Please note there is no default native >> GSS-API library on Windows and you need to supply your own, like this: >> >> java -Dsun.security.jgss.native=true >> -Dsun.security.jgss.lib=/path/to/gssapi64.dll App ... >> >> You can manually test the change with >> >> jtreg -Dnative.krb5.libs=j=,n=/path/to/gssapi64.dll >> test/jdk/sun/security/krb5/auto/BasicProc.java >> >> Thanks >> Max >> >> p.s. You can get a gssapi64.dll from >> https://web.mit.edu/KERBEROS/kfw-4.1/kfw-4.1.html. >
Re: RFR 8200468: Port the native GSS-API bridge to Windows
I've updated the patch in its original URL. Please confirm it's correct now. Thanks Max > On Apr 4, 2018, at 4:06 PM, Weijun Wang wrote: > > > >> On Apr 4, 2018, at 3:59 PM, Magnus Ihse Bursie >> wrote: >> >> Hi Max, >> >> On 2018-04-04 04:19, Weijun Wang wrote: >>> Hi All >>> >>> Please take a review at >>> >>> http://cr.openjdk.java.net/~weijun/8200468/webrev.00/ >> >> The indentation in Lib-java.security.jgss.gmk has gone wrong. The lines in >> the "$(eval $(call SetupJdkLibrary" stanza should still be indented four >> spaces. See the makefile style guide: >> http://openjdk.java.net/groups/build/doc/code-conventions.html > > So this is for "2. If a line must be broken, use four spaces for > indentation". Right? > >> >> Please always cc build-dev when making changes to makefiles. > > I'll remember it. > > Thanks > Max > >> >> /Magnus >> >> >> >> >> >>> >>> Like in *nix, native GSS-API bridge is turned on by setting >>> -Dsun.security.jgss.native=true. Please note there is no default native >>> GSS-API library on Windows and you need to supply your own, like this: >>> >>> java -Dsun.security.jgss.native=true >>> -Dsun.security.jgss.lib=/path/to/gssapi64.dll App ... >>> >>> You can manually test the change with >>> >>> jtreg -Dnative.krb5.libs=j=,n=/path/to/gssapi64.dll >>> test/jdk/sun/security/krb5/auto/BasicProc.java >>> >>> Thanks >>> Max >>> >>> p.s. You can get a gssapi64.dll from >>> https://web.mit.edu/KERBEROS/kfw-4.1/kfw-4.1.html. >> >
Re: RFR 8200468: Port the native GSS-API bridge to Windows
Hi Max, On 2018-04-04 04:19, Weijun Wang wrote: Hi All Please take a review at http://cr.openjdk.java.net/~weijun/8200468/webrev.00/ The indentation in Lib-java.security.jgss.gmk has gone wrong. The lines in the "$(eval $(call SetupJdkLibrary" stanza should still be indented four spaces. See the makefile style guide: http://openjdk.java.net/groups/build/doc/code-conventions.html Please always cc build-dev when making changes to makefiles. /Magnus Like in *nix, native GSS-API bridge is turned on by setting -Dsun.security.jgss.native=true. Please note there is no default native GSS-API library on Windows and you need to supply your own, like this: java -Dsun.security.jgss.native=true -Dsun.security.jgss.lib=/path/to/gssapi64.dll App ... You can manually test the change with jtreg -Dnative.krb5.libs=j=,n=/path/to/gssapi64.dll test/jdk/sun/security/krb5/auto/BasicProc.java Thanks Max p.s. You can get a gssapi64.dll from https://web.mit.edu/KERBEROS/kfw-4.1/kfw-4.1.html.