Re: Code Review Request, JDK-8208166, Still unable to use custom SSLEngine with default TrustManagerFactory after JDK-8207029

2018-07-30 Thread Norman Maurer
After digging more this morning I noticed the test code made some wrong assumptions which just worked out of luck before. After fixing the test everything passes now. So +1 from me on the patch :) Also sorry for the false alarm. Norman > On 30. Jul 2018, at 22:23, Xuelei Fan wrote: >

Re: Code Review Request, JDK-8208166, Still unable to use custom SSLEngine with default TrustManagerFactory after JDK-8207029

2018-07-30 Thread Xuelei Fan
Would you mind sending me the debug log (-Djavax.net.debug=all) and the exception stacks? The "renegotiation" in TLS 1.3 is different from TLS 1.2 and prior specifications. It would be helpful to me to find the cause of the test failure. Thanks, Xuelei On 7/30/2018 1:11 PM, Norman Maurer wrote

Re: Code Review Request, JDK-8208166, Still unable to use custom SSLEngine with default TrustManagerFactory after JDK-8207029

2018-07-30 Thread Xuelei Fan
Hi Norman, Thank you very much for the great help! Glad to know it works for you. For the SSLEngine.setUseClientMode() issues, the SSLEngine.beginHandshake() spec is expected to throw IllegalStateException if the client/server mode has not yet been set. https://docs.oracle.com/javase/10/docs

Re: Code Review Request, JDK-8208166, Still unable to use custom SSLEngine with default TrustManagerFactory after JDK-8207029

2018-07-30 Thread Norman Maurer
Sorry but I just noticed we still have another integration test failing which tests that client SSL renegotiation is failing. This seems to be not the case anymore with java11 + your patch (it was in ea20 tho). https://github.com/netty/netty/blob/netty-4.1.28.Final/testsuite/src/main/java/io/n

Re: Code Review Request, JDK-8208166, Still unable to use custom SSLEngine with default TrustManagerFactory after JDK-8207029

2018-07-30 Thread Norman Maurer
Hey Xuelei, I just re-ran our testsuite with your patch and everything passes except two tests. After digging a bit I found that we needed to add explicit calls to `SSLEngine.setUseClientMode(false)` now in these tests where we did not need to do this before. The tests in question are: https://g

Re: Inconsistent SSLEngine behavior for closing outbound while in handshake in 11ea22

2018-07-30 Thread Xuelei Fan
Hi Tim, Would you mind looking at the code I posted in the following thread: http://mail.openjdk.java.net/pipermail/security-dev/2018-July/017708.html In the update, we are trying to make the synchronization more simple and robust. I would appreciate it if you could comment by the end of this week. Note th

Re: SSLEngine weird behavior in 11+21?

2018-07-30 Thread Xuelei Fan
Hi Simone, Would you mind looking at the code I posted in the following thread: http://mail.openjdk.java.net/pipermail/security-dev/2018-July/017708.html I'm trying to address the close concerns of yours. I would appreciate it if you could comment by the end of this week. Note that with this update, a c

Re: Code Review Request, JDK-8208166, Still unable to use custom SSLEngine with default TrustManagerFactory after JDK-8207029

2018-07-30 Thread Norman Maurer
Will do and report back as soon as possible. Thanks Norman > On 30. Jul 2018, at 19:57, Xuelei Fan wrote: > > Hi Norman, > > Would you mind looking at the code I posted in the following thread: > http://mail.openjdk.java.net/pipermail/security-dev/2018-July/017708.html > > I appreciate if you c

Re: Code Review Request, JDK-8208166, Still unable to use custom SSLEngine with default TrustManagerFactory after JDK-8207029

2018-07-30 Thread Xuelei Fan
Hi Norman, Would you mind looking at the code I posted in the following thread: http://mail.openjdk.java.net/pipermail/security-dev/2018-July/017708.html I would appreciate it if you could have a test by the end of this week. Note that with this update, a complete TLS connection should close both inbound

Re: Code Review Request, JDK-8207009 SSLEngine#closeInbound mentions SSLException when no close_notify is received

2018-07-30 Thread Xuelei Fan
Please let me know your concerns by the end of August 1st, 2018. Thanks, Xuelei On 7/30/2018 9:59 AM, Xuelei Fan wrote: Hi, Please review the update for the TLS 1.3 half-close and synchronization implementation: http://cr.openjdk.java.net/~xuelei/8207009/webrev.00/ Unlike TLS 1.2 and

Code Review Request, JDK-8207009 SSLEngine#closeInbound mentions SSLException when no close_notify is received

2018-07-30 Thread Xuelei Fan
Hi, Please review the update for the TLS 1.3 half-close and synchronization implementation: http://cr.openjdk.java.net/~xuelei/8207009/webrev.00/ Unlike TLS 1.2 and prior versions, for TLS 1.3, the close_notify is used to close the local write side and peer read side only. After the close