Re: [RFR] 8166597: Crypto support for the EdDSA Signature Algorithm (JEP 339)

2020-03-30 Thread Anthony Scarpino
On 3/30/20 8:52 PM, Anthony Scarpino wrote: On 3/30/20 7:54 PM, Weijun Wang wrote: On Mar 31, 2020, at 10:50 AM, Anthony Scarpino wrote: On 3/30/20 11:52 AM, Anthony Scarpino wrote: On 3/30/20 6:21 AM, Weijun Wang wrote: I was playing with keytool with your patch and noticed sun.security

Re: [RFR] 8166597: Crypto support for the EdDSA Signature Algorithm (JEP 339)

2020-03-30 Thread Anthony Scarpino
On 3/30/20 7:54 PM, Weijun Wang wrote: On Mar 31, 2020, at 10:50 AM, Anthony Scarpino wrote: On 3/30/20 11:52 AM, Anthony Scarpino wrote: On 3/30/20 6:21 AM, Weijun Wang wrote: I was playing with keytool with your patch and noticed sun.security.util.KeyUtil.getKeySize(Key) does not suppor

Re: RFR: 8076999: SunJCE support of password-based encryption scheme 2 params (PBES2) not working

2020-03-30 Thread Valerie Peng
Hi Jamil, Thanks for being so patient. It took me some time to play around with the changes and think about various scenarios... Here are some comments: - Line 38 has RFC 2268 which is for RC2, RC5 is in RFC 2040. - Line 48-51 comments can be simplified further, essentially, IV (provided o

Re: [RFR] 8166597: Crypto support for the EdDSA Signature Algorithm (JEP 339)

2020-03-30 Thread Weijun Wang
> On Mar 31, 2020, at 10:50 AM, Anthony Scarpino > wrote: > > On 3/30/20 11:52 AM, Anthony Scarpino wrote: >> On 3/30/20 6:21 AM, Weijun Wang wrote: >>> I was playing with keytool with your patch and noticed >>> sun.security.util.KeyUtil.getKeySize(Key) does not support an >>> EdECKey. While

Re: [RFR] 8166597: Crypto support for the EdDSA Signature Algorithm (JEP 339)

2020-03-30 Thread Anthony Scarpino
On 3/30/20 11:52 AM, Anthony Scarpino wrote: On 3/30/20 6:21 AM, Weijun Wang wrote: I was playing with keytool with your patch and noticed sun.security.util.KeyUtil.getKeySize(Key) does not support an EdECKey. While we use curve name instead of key size in EC to describe the parameters, the siz

Re: RFR 8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD

2020-03-30 Thread Weijun Wang
1. I don't think there is a need to talk about the java.security.krb5.conf system property, the krb5.conf file name is more popular. 2. I'd rather always say "TGS requests" instead of "AP requests". Thanks, Max > On Mar 31, 2020, at 4:24 AM, Martin Balao wrote: > > Hi Max, > > CSR requested

RFR 8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one

2020-03-30 Thread Martin Balao
Hi, I'd like to request a review for 8241888 [1]. Webrev.00: * http://cr.openjdk.java.net/~mbalao/webrevs/8241888/8241888.webrev.00/ CSR (waiting for review): https://bugs.openjdk.java.net/browse/JDK-8241893 I've not included my regression test as it's a trivial change and my test is actually

Re: Possible regression in JDK 14 related to SSLSessionContext / SSLSession on the server side

2020-03-30 Thread Jamil Nimeh
Hi Norman, I've been able to run your test code and I can reproduce it. Interestingly enough, it appears to happen when -Djdk.tls.server.enableSessionTicketExtension=true, which is the default position.  With session tickets enabled, I would see the issue in TLS 1.3 and 1.2 connections just a

[15] RFR 8241761 : Typos: empty lines in javadoc, inconsistent indents, etc. (security-libs only)

2020-03-30 Thread Ivan Gerasimov
Hello! The fix follows up on JDK-8241727 [1]. This is a javadoc/comments only fix in the security-libs area. The changes are to remove redundant empty lines, correct indentation, or otherwise restore harmony. Would you please help review this rather technical fix? BUGURL: https://bugs.openj

Re: RFR 8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD

2020-03-30 Thread Martin Balao
Hi Max, CSR requested here: https://bugs.openjdk.java.net/browse/JDK-8241871 Look forward to your comments or approval there. Thanks, Martin.-

Re: [RFR] 8166597: Crypto support for the EdDSA Signature Algorithm (JEP 339)

2020-03-30 Thread Anthony Scarpino
On 3/30/20 6:21 AM, Weijun Wang wrote: I was playing with keytool with your patch and noticed sun.security.util.KeyUtil.getKeySize(Key) does not support an EdECKey. While we use curve name instead of key size in EC to describe the parameters, the size is still useful in determining the strength

Re: Possible regression in JDK 14 related to SSLSessionContext / SSLSession on the server side

2020-03-30 Thread Jamil Nimeh
For what it's worth, I tried with the latest JDK using SSLSockets on the server side and I'm (so far) not able to reproduce it with my local test utilities.  Unfortunately I don't have an engine-based simple server handy so I'll give Norman's reproducer a spin and see what happens. --Jamil On

Re: RFR JDK-8239595/JDK-8239594 : ssl context version is not respected/jdk.tls.client.protocols is not respected

2020-03-30 Thread rahul . r . yadav
The current fix does not affect the scenarios discussed earlier (that is a broader discussion, may be a different bug/enhancement). The scenarios would be valid even if the fix would not have been in place. -Rahul On 27/03/2020 17:50, Chris Hegarty wrote: Thank you for these clarifications. We wi

Re: RFR 8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD

2020-03-30 Thread Martin Balao
Hi Max, Thanks for having a look at this. On 3/29/20 1:10 AM, Weijun Wang wrote: >> * Note: from a client side, sending an NT-ENTERPRISE cname means that >> the cname can change in the response. Windows AD 2016, however, does not >> change it unless 'canonicalize' flag is explicitly set in the r

RE: RFR[jdk] 8237474: Default SSLEngine should create in server role

2020-03-30 Thread Prasadrao Koppula
Hi, Added @implnote and updated test changes, here is the new webrev, please review it. Webrev: http://cr.openjdk.java.net/~pkoppula/8237474/webrev.01/ issue: https://bugs.openjdk.java.net/browse/JDK-8237474 CSR: https://bugs.openjdk.java.net/browse/JDK-8238593 Thanks, Prasad.

Re: [RFR] 8166597: Crypto support for the EdDSA Signature Algorithm (JEP 339)

2020-03-30 Thread Weijun Wang
I was playing with keytool with your patch and noticed sun.security.util.KeyUtil.getKeySize(Key) does not support an EdECKey. While we use curve name instead of key size in EC to describe the parameters, the size is still useful in determining the strength. There is also a KeyUtil.getKeySize(Al

Re: Possible regression in JDK 14 related to SSLSessionContext / SSLSession on the server side

2020-03-30 Thread Norman Maurer
Hey Sean, There is not much to share as it's just a simple handshake :) Anyway here is a reproducer: https://github.com/normanmaurer/jdk_ssl_session_context_reproducer It basically does nothing more than complete the handshake

Re: Possible regression in JDK 14 related to SSLSessionContext / SSLSession on the server side

2020-03-30 Thread Seán Coffey
Looks interesting Norman. Do you want to share some more details about the peculiarities of this handshake before considering a fully fledged testcase ? regards, Sean. On 27/03/2020 12:48, Norman Maurer wrote: Hi there, I am just about to add JDK14 to the test matrix for netty and think I fo

Re: RFR JDK-8240988 : Incorrect copyright header in CertificateValidation.java

2020-03-30 Thread Seán Coffey
Looks fine to me Ravi. regards, Sean. On 30/03/2020 12:14, Ravi Reddy wrote: Hello All, Could you please review this attached patch. This patch fixes the "Incorrect copyright header in CertificateValidation.java". Issue: https://bugs.openjdk.java.net/browse/JDK-8240988

RFR JDK-8240988 : Incorrect copyright header in CertificateValidation.java

2020-03-30 Thread Ravi Reddy
Hello All, Could you please review this attached patch. This patch fixes the "Incorrect copyright header in CertificateValidation.java". Issue: https://bugs.openjdk.java.net/browse/JDK-8240988 Thanks, Ravi diff --git a/test/j