Re: Code Review Request: TLS 1.3 Implementation

2018-06-12 Thread Xuelei Fan
Update: http://hg.openjdk.java.net/jdk/sandbox/rev/2b4ae319412b This update enable RSASSA-PSS signature algorithm for TLS 1.2, and improve the SSLSocket close implementation. Xuelei On 6/8/2018 10:21 AM, Xuelei Fan wrote: Here is the 3rd full webrev:    http://cr.openjdk.java.net/~xuelei/81

Re: Code Review Request: TLS 1.3 Implementation

2018-06-12 Thread Xuelei Fan
On 6/12/2018 5:43 PM, Bradford Wetmore wrote: I really don't have much to say about SSLEngineImpl.  I like the refactoring you've done.  Just some nits. Ignore my previous suggestion about conContext, after seeing it a bit more often, it makes sense now. SSLSocketImpl.java --

RFR: 8204923: Restore Symantec root verisignclass2g2ca

2018-06-12 Thread Rajan Halade
Please review this fix to restore verisignclass2g2ca root. Webrev: http://cr.openjdk.java.net/~rhalade/8204923/webrev.00/ Thanks, Rajan

Re: Code Review Request: TLS 1.3 Implementation

2018-06-12 Thread Bradford Wetmore
I really don't have much to say about SSLEngineImpl. I like the refactoring you've done. Just some nits. Ignore my previous suggestion about conContext, after seeing it a bit more often, it makes sense now. SSLSocketImpl.java -- 72: I noticed you removed the public here fro

Re: Code Review Request: TLS 1.3 Implementation

2018-06-12 Thread Xuelei Fan
On 6/12/2018 3:29 PM, Bradford Wetmore wrote: On 6/11/2018 6:36 PM, Xuelei Fan wrote: SSLServerSocketImpl.java 160:  You should allow multiple changes between server to client, and switch enabled protocols/ciphersuites accordingly. Yes, multiple changes are allowed

Re: Code Review Request: TLS 1.3 Implementation

2018-06-12 Thread Bradford Wetmore
On 6/11/2018 6:36 PM, Xuelei Fan wrote: SSLServerSocketImpl.java 160:  You should allow multiple changes between server to client, and switch enabled protocols/ciphersuites accordingly. Yes, multiple changes are allowed. I didn't see a change here.  If you go fro

Re: Code Review Request: TLS 1.3 Implementation

2018-06-12 Thread Bradford Wetmore
I see what you're doing, but I'm not understanding why we're not checking the other direction also? e.g.  if (p < SSLv3 && not SSLv2) || (p > TLSv1.3 ) { Per TLS 1.2 version negotiation specification, the higher number is not limited.  For example, if client request for TLS 1.9, the server

Re: Code Review Request: TLS 1.3 Implementation

2018-06-12 Thread Valerie Peng
I see. Maybe document what you explained for these flags would help. Update looks good. Thanks, Valerie On 6/11/2018 5:23 PM, Xuelei Fan wrote: Update: http://hg.openjdk.java.net/jdk/sandbox/rev/0811eaea3cd4 On 6/11/2018 3:44 PM, Valerie Peng wrote: Hi Xuelei, - If no child class intended

Re: RFR: 8196141: Add GoDaddy root certificates

2018-06-12 Thread Sean Mullan
Looks good to me. --Sean On 5/31/18 11:40 PM, Rajan Halade wrote: Please review this fix to add GoDaddy root certificates to cacerts. Webrev: http://cr.openjdk.java.net/~rhalade/8196141/webrev.00/ Thanks, Rajan