On Tue, 22 Mar 2022 21:25:28 GMT, Valerie Peng wrote:
>> It's been several years since we increased the default key sizes. Before
>> shifting to PQC, NSA replaced its Suite B cryptography recommendations with
>> the Commercial National Security Algorithm Suite which suggests:
>>
>> - SHA-384
On Wed, 23 Mar 2022 00:29:16 GMT, Valerie Peng wrote:
> Can someone help review this update to the PSSParameterSpec class regarding
> the constructor with int argument and the DEFAULT static field? Just added
> @Deprecate javadoc tag and caution about their usage as suggested in the bug
>
On Tue, 22 Mar 2022 21:25:28 GMT, Valerie Peng wrote:
>> It's been several years since we increased the default key sizes. Before
>> shifting to PQC, NSA replaced its Suite B cryptography recommendations with
>> the Commercial National Security Algorithm Suite which suggests:
>>
>> - SHA-384
On Tue, 22 Mar 2022 16:32:22 GMT, Rajan Halade wrote:
>> In previous days, we used to include the dates from the templates, which
>> this test was derived from. I could go either way.
>
> I am not knowledgable one in this area and thought was merely a typo. Fine
> either way.
I'll leave for
On Tue, 22 Mar 2022 12:28:44 GMT, Sean Coffey wrote:
>> Sigh...this is a whole can of worms I wasn't expecting. Looks like one
>> person did the SSLContextTemplate and updated with SSLEngineTemplate, then
>> another person took a completely different takes with SSLSocketTemplate, and
>> then
Can someone help review this update to the PSSParameterSpec class regarding the
constructor with int argument and the DEFAULT static field? Just added
@Deprecate javadoc tag and caution about their usage as suggested in the bug
record.
A CSR will be filed once the wording changes are reviewed.
On Tue, 22 Mar 2022 21:21:14 GMT, Sean Mullan wrote:
>> This fix removes obsolete and deprecated 3DES cipher suites from the default
>> enabled cipher suites list of the SunJSSE provider implementation.
>>
>> Note that 3DES suites are already disabled by default via the
>>
> It's been several years since we increased the default key sizes. Before
> shifting to PQC, NSA replaced its Suite B cryptography recommendations with
> the Commercial National Security Algorithm Suite which suggests:
>
> - SHA-384 for secure hashing
> - AES-256 for symmetric encryption
> -
> This fix removes obsolete and deprecated 3DES cipher suites from the default
> enabled cipher suites list of the SunJSSE provider implementation.
>
> Note that 3DES suites are already disabled by default via the
> `jdk.tls.disabledAlgorithms` security property. This change goes one step
>
On Tue, 22 Mar 2022 19:34:17 GMT, Xue-Lei Andrew Fan wrote:
>> I see. That makes sense. However, I will note that the current order does
>> not reflect the preference rules defined in lines 336-348 (copied below):
>>
>>
>> // Definition of the CipherSuites that are supported but not
On Tue, 22 Mar 2022 19:07:12 GMT, Maurizio Cimadamore
wrote:
>> This PR contains the API and implementation changes for JEP-424 [1]. A more
>> detailed description of such changes, to avoid repetitions during the review
>> process, is included as a separate comment.
>>
>> [1] -
On Mon, 21 Mar 2022 19:40:07 GMT, Sean Mullan wrote:
> This fix removes obsolete and deprecated 3DES cipher suites from the default
> enabled cipher suites list of the SunJSSE provider implementation.
>
> Note that 3DES suites are already disabled by default via the
>
On Tue, 22 Mar 2022 19:18:24 GMT, Sean Mullan wrote:
> So we either need to clarify the rules and put anon suites lower, and change
> the obsolete rule.
It makes sense to me. It might be better to update the rules firstly (or just
leave it alone as the priority is pretty low), but which is
On Tue, 22 Mar 2022 14:42:53 GMT, Xue-Lei Andrew Fan wrote:
>> Can you be more specific? I'm not following where you think they should be
>> ordered. Are you suggesting they should be ordered before the anon suites
>> even though most of them use stronger algorithms? Also, does the order
>>
> This PR contains the API and implementation changes for JEP-424 [1]. A more
> detailed description of such changes, to avoid repetitions during the review
> process, is included as a separate comment.
>
> [1] - https://openjdk.java.net/jeps/424
Maurizio Cimadamore has updated the pull
On Sat, 12 Mar 2022 00:55:07 GMT, Bradford Wetmore wrote:
> JDK-8253368 changed the behavior of SSLSocket to no longer throw a fatal
> internal_error (80) and invalidate existing sessions (either completed or
> under construction) as described in (RFC 4346/TLSv1.1+) if a connection was
>
On Tue, 22 Mar 2022 14:04:07 GMT, Maurizio Cimadamore
wrote:
>> This PR contains the API and implementation changes for JEP-424 [1]. A more
>> detailed description of such changes, to avoid repetitions during the review
>> process, is included as a separate comment.
>>
>> [1] -
On Tue, 22 Mar 2022 00:26:01 GMT, Bradford Wetmore wrote:
>> test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketSSLEngineCloseInbound.java
>> line 2:
>>
>>> 1: /*
>>> 2: * Copyright (c) 2011, 2022, Oracle and/or its affiliates. All rights
>>> reserved.
>>
>> should this be updated to only
On Sat, 12 Mar 2022 00:55:07 GMT, Bradford Wetmore wrote:
> JDK-8253368 changed the behavior of SSLSocket to no longer throw a fatal
> internal_error (80) and invalidate existing sessions (either completed or
> under construction) as described in (RFC 4346/TLSv1.1+) if a connection was
>
On Tue, 22 Mar 2022 07:51:18 GMT, Sibabrata Sahoo wrote:
>> Domain value for system property jdk.https.negotiate.cbt is
>> case-insensitive now. Included Test has been updated to address the change.
>
> Sibabrata Sahoo has updated the pull request incrementally with one
> additional commit
On Tue, 22 Mar 2022 07:51:18 GMT, Sibabrata Sahoo wrote:
>> Domain value for system property jdk.https.negotiate.cbt is
>> case-insensitive now. Included Test has been updated to address the change.
>
> Sibabrata Sahoo has updated the pull request incrementally with one
> additional commit
On Tue, 22 Mar 2022 12:28:14 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/sun/security/ssl/CipherSuite.java line 425:
>>
>>> 423: ProtocolVersion.PROTOCOLS_TO_12,
>>> 424: K_RSA, B_3DES, M_SHA, H_SHA256),
>>> 425:
>>
>> It is good to have the supported cipher
On Mon, 21 Mar 2022 17:36:53 GMT, Maurizio Cimadamore
wrote:
>> make/modules/java.base/Lib.gmk line 217:
>>
>>> 215: CXXFLAGS := $(CXXFLAGS_JDKLIB), \
>>> 216: LDFLAGS := $(LDFLAGS_JDKLIB) -Wl$(COMMA)--no-as-needed, \
>>> 217: LIBS := $(LIBCXX) -lc -lm -ldl, \
>>
>> Instead
> This PR contains the API and implementation changes for JEP-424 [1]. A more
> detailed description of such changes, to avoid repetitions during the review
> process, is included as a separate comment.
>
> [1] - https://openjdk.java.net/jeps/424
Maurizio Cimadamore has updated the pull
On Tue, 15 Mar 2022 19:46:09 GMT, Weijun Wang wrote:
>> Sibabrata Sahoo has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Update HttpsCB.java
>
>
On Tue, 22 Mar 2022 00:24:41 GMT, Bradford Wetmore wrote:
>> test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketSSLEngineCloseInbound.java
>> line 130:
>>
>>> 128: * The following is to set up the keystores/trust material.
>>> 129: */
>>> 130: private static final String
On Tue, 22 Mar 2022 06:15:07 GMT, Xue-Lei Andrew Fan wrote:
>> This fix removes obsolete and deprecated 3DES cipher suites from the default
>> enabled cipher suites list of the SunJSSE provider implementation.
>>
>> Note that 3DES suites are already disabled by default via the
>>
> This PR contains the API and implementation changes for JEP-424 [1]. A more
> detailed description of such changes, to avoid repetitions during the review
> process, is included as a separate comment.
>
> [1] - https://openjdk.java.net/jeps/424
Maurizio Cimadamore has updated the pull
On Tue, 15 Mar 2022 20:22:16 GMT, Kevin Walls wrote:
> Removing permission checks which, in the presence of a Security Manager,
> would check for a RuntimePermission "className.subclass". This was to
> prevent subclassing these classes, but is no longer necessary with strong
> encapsulation
On Mon, 21 Mar 2022 20:19:03 GMT, Kevin Walls wrote:
>> Removing permission checks which, in the presence of a Security Manager,
>> would check for a RuntimePermission "className.subclass". This was to
>> prevent subclassing these classes, but is no longer necessary with strong
>>
> Domain value for system property jdk.https.negotiate.cbt is case-insensitive
> now. Included Test has been updated to address the change.
Sibabrata Sahoo has updated the pull request incrementally with one additional
commit since the last revision:
Update
On Mon, 21 Mar 2022 19:40:07 GMT, Sean Mullan wrote:
> This fix removes obsolete and deprecated 3DES cipher suites from the default
> enabled cipher suites list of the SunJSSE provider implementation.
>
> Note that 3DES suites are already disabled by default via the
>
32 matches
Mail list logo