[13] RFR CSR 8224520: Support X25519 and X448 in TLS

Please review the following CSR at: https://bugs.openjdk.java.net/browse/JDK-8224520 This adds the x25519/x448 named Elliptic Curves to TLS. Thanks, Brad

Re: [13] RFR CSR 8224520: Support X25519 and X448 in TLS

Hi Brad, Would like add a note about the preference order of x25519/x448? Thanks, Xuelei On 5/21/2019 1:17 PM, Bradford Wetmore wrote: Please review the following CSR at:    https://bugs.openjdk.java.net/browse/JDK-8224520 This adds the x25519/x448 named Elliptic Curves to TLS. Thanks, B

RFR: 8202651: Test ActalisCA.java and ComodoCA fails

Please review this fix to update test certificates used in Actalis and Comodo CA interop tests. The bug also mentioned QuoVadisCA test but I am not able to reproduce the failure. For Actalis CA, I couldn't get revoked test certificate but the test is updated for valid certificate and will pass

Re: [13] RFR CSR 8224520: Support X25519 and X448 in TLS

I've updated with the proposed ordered list of groups. Brad On 5/21/2019 1:39 PM, Xuelei Fan wrote: Hi Brad, Would like add a note about the preference order of x25519/x448? Thanks, Xuelei On 5/21/2019 1:17 PM, Bradford Wetmore wrote: Please review the following CSR at:     https://bugs.

Re: [13] RFR JDK-8080462: Update SunPKCS11 provider with PKCS11 v2.40 support

I thought we always file CSR when updating the version of external standard, e.g. documenting the import aspect of JDK. I'd love to close/withdraw the CSR if it's not needed. Thanks, Valerie On 5/20/2019 12:11 PM, Sean Mullan wrote: On 5/17/19 3:56 PM, Valerie Peng wrote: Thanks Martin fo

RFR: CSR for 8211018 Session Resumption without Server-Side State

Hi All, Please review the CSR for the stateless Server Side https://bugs.openjdk.java.net/browse/JDK-8223922 thanks Tony

Re: [13] RFR JDK-7107615 "scalability bloker in javax.crypto.JceSecurity"

Well, I initially tried to use the computeIfAbsent, and I really like how the resulting code looks. But then as I checked the javadoc of the computeIfAbsent method, it seems that the provider verification code does not meet the criteria of short, simple requirement of the mapping func. In ad

Re: RFR 8211018: Session Resumption without Server-Side State

Hi all, I’ve updated in-place some recent changes due to some additional testing Tony > On May 16, 2019, at 2:30 PM, Anthony Scarpino > wrote: > > I'm asking for a review of this rather large change to add support stateless > tickets in the TLS 1.3 5077 RFC. > https://bugs.openjdk.java.net

Re: [13] RFR JDK-7107615 "scalability bloker in javax.crypto.JceSecurity"

Hi Daniel, Good point, I assumed that this general purpose parameterized IdentityWrapper class can easily be leveraged for similar fixes if needed. As currently, only Provider type is used so it doesn't really needs to use parameter type. I will update and re-test. My local build and testing

Re: RFR 8215032: Support Kerberos cross-realm referrals (RFC 6806)

Sorry for the late reply. Comments below: 1. ReferralsState::handleError cname = new PrincipalName(cname.getNameString().replaceAll( PrincipalName.NAME_REALM_SEPARATOR + "", "" + PrincipalName.NAME_REALM_SEPARATOR), cname.getNameType(), referredRealm.toString()); Why is the escap