Concerning the question:
>Also the note about TLS 1.3 in the same section isn't entirely clear
to me. What does it mean when the docs say "the contents of stateless
>tickets, in particular, the contents of a NewSessionTicket message,
>depend on the value of jdk.tls.server.enableSessionTicketExten
On Mon, 8 Mar 2021 15:27:45 GMT, John Jiang wrote:
> If signature_algorithms extension is present, but the algorithms are
> unreconginzed or unsupported, JSSE peers should send fatal alert immediately.
> For example, in this case, it's unnecssary to try to produce ServerHello,
> Certificate and
Hi Martin,
your backport looks good. I see the new tests pass and our testing does not
unveil other regressions. Reviewed.
Oracle has already included this item in 11.0.10 but it fell through the cracks
for OpenJDK 11u due to an issue with the updates filter. However, it seems like
an importan
Thanks Ralph. I figured that out already. However, the docs are
(still) a bit misleading here. Let me quote:
> For TLS 1.3, stateless tickets use the existing PSK resumption extension.
> Therefore, session resumption **without server-site** state doesn't require
> these two properties. However,
On Thu, 18 Mar 2021 07:07:56 GMT, Prajwal Kumaraswamy
wrote:
> **Scenario:**
> 1. Issue occurs in a muti-threaded environment where SSL socket read() and
> close() are invoked in parallel.
> 2. SSL socket read is already called.
> 2. close() calls waitForCloseNotify() -> decode() ->-> socke
Hi Daniel,
I agree that the doc is a bit misleading. Maybe, the TLS 1.2 part can be put
into the note:
--
jdk.tls.server.enableSessionTicketExtension: Enables a server to use stateless
session
tickets. A value of true (default value) enables the use of stateless session
On Fri, 19 Mar 2021 14:46:38 GMT, Greg Rubin
wrote:
>> I am also not comfortable adding this feature to the JDK, especially since
>> every build of the JDK would by default have this feature enabled. Logging
>> sensitive information to log files is not good security practice (there are
>> man
This enhancement contains the following code changes:
1. Create a new public API `javax/xml/crypto/dsig/spec/RSAPSSParameterSpec` and
remove the internal one.
2. Update marshaling and unmarshaling code inside `DOMRSAPSSSignatureMethod` so
it understands extra fields in `PSSParameterSpec` and is
On Wed, 24 Mar 2021 21:36:21 GMT, Weijun Wang wrote:
> This enhancement contains the following code changes:
>
> 1. Create a new public API `javax/xml/crypto/dsig/spec/RSAPSSParameterSpec`
> and remove the internal one.
> 2. Update marshaling and unmarshaling code inside `DOMRSAPSSSignatureMeth
On Wed, 24 Mar 2021 03:25:02 GMT, Ziyi Luo wrote:
>> This is a P2 regression introduced by JDK-8254717.
>>
>> In `RSAKeyFactory.engineGetKeySpec`, when the key is a RSA key and the
>> KeySpec is RSAPrivateKeySpec or RSAPrivateCrtKeySpec. The method behavior is
>> described as follow:
>>
>> X-
On Wed, 24 Mar 2021 03:25:02 GMT, Ziyi Luo wrote:
>> This is a P2 regression introduced by JDK-8254717.
>>
>> In `RSAKeyFactory.engineGetKeySpec`, when the key is a RSA key and the
>> KeySpec is RSAPrivateKeySpec or RSAPrivateCrtKeySpec. The method behavior is
>> described as follow:
>>
>> X-
On Wed, 24 Mar 2021 03:25:02 GMT, Ziyi Luo wrote:
>> This is a P2 regression introduced by JDK-8254717.
>>
>> In `RSAKeyFactory.engineGetKeySpec`, when the key is a RSA key and the
>> KeySpec is RSAPrivateKeySpec or RSAPrivateCrtKeySpec. The method behavior is
>> described as follow:
>>
>> X-
On Wed, 24 Mar 2021 22:17:56 GMT, Valerie Peng wrote:
>> Ziyi Luo has updated the pull request incrementally with two additional
>> commits since the last revision:
>>
>> - Remove trailing whitespace
>> - Refactor P11RSAKeyFactory and improve tests
>
> test/jdk/sun/security/pkcs11/rsa/TestP11
On Tue, 23 Mar 2021 01:01:14 GMT, Valerie Peng wrote:
>> P11PrivateKey is private so we cannot check that. Our options to figure out
>> if something is sensitive are:
>> 1. See if it doesn't implement `RSAPrivateKey` (this yields the prior
>> snippet with `implGetSoftwareFactory()`)
>> 2. Try t
On Wed, 24 Mar 2021 03:25:02 GMT, Ziyi Luo wrote:
>> This is a P2 regression introduced by JDK-8254717.
>>
>> In `RSAKeyFactory.engineGetKeySpec`, when the key is a RSA key and the
>> KeySpec is RSAPrivateKeySpec or RSAPrivateCrtKeySpec. The method behavior is
>> described as follow:
>>
>> X-
On Wed, 24 Mar 2021 22:35:13 GMT, Valerie Peng wrote:
>> Ziyi Luo has updated the pull request incrementally with two additional
>> commits since the last revision:
>>
>> - Remove trailing whitespace
>> - Refactor P11RSAKeyFactory and improve tests
>
> test/jdk/sun/security/pkcs11/nss/p11-nss
On Wed, 24 Mar 2021 22:24:45 GMT, Greg Rubin
wrote:
>> test/jdk/sun/security/pkcs11/rsa/TestP11KeyFactoryGetRSAKeySpec.java line 91:
>>
>>> 89: if (testingSensitiveKeys) {
>>> 90: // Expected exception so swallow it
>>> 91: ex.printStackTrace();
>>
>
> This is a P2 regression introduced by JDK-8254717.
>
> In `RSAKeyFactory.engineGetKeySpec`, when the key is a RSA key and the
> KeySpec is RSAPrivateKeySpec or RSAPrivateCrtKeySpec. The method behavior is
> described as follow:
>
> X-axis: type of `keySpec`
> Y-axis: type of `key`
>
> Before
On Tue, 23 Mar 2021 18:39:27 GMT, Greg Rubin
wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Changed AlgorithmParameters impls to register under AES/KW/NoPadding and
>> AES/KWP/NoPadding
>
> src/java.base/share/
On Tue, 23 Mar 2021 18:41:26 GMT, Greg Rubin
wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Changed AlgorithmParameters impls to register under AES/KW/NoPadding and
>> AES/KWP/NoPadding
>
> src/java.base/share/
On Tue, 23 Mar 2021 19:56:40 GMT, Greg Rubin
wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Changed AlgorithmParameters impls to register under AES/KW/NoPadding and
>> AES/KWP/NoPadding
>
> src/java.base/share/
On Mon, 22 Mar 2021 18:48:47 GMT, Valerie Peng wrote:
>> This change updates SunJCE provider as below:
>> - updated existing AESWrap support with AES/KW/NoPadding cipher
>> transformation.
>> - added support for AES/KWP/NoPadding and AES/KW/PKCS5Padding.
>>
>> Existing AESWrap impl, i.e. AESWr
On Tue, 23 Mar 2021 19:18:14 GMT, Greg Rubin
wrote:
>> Valerie Peng has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Changed AlgorithmParameters impls to register under AES/KW/NoPadding and
>> AES/KWP/NoPadding
>
> test/jdk/com/sun/cry
On Thu, 18 Mar 2021 07:07:56 GMT, Prajwal Kumaraswamy
wrote:
> **Scenario:**
> 1. Issue occurs in a muti-threaded environment where SSL socket read() and
> close() are invoked in parallel.
> 2. SSL socket read is already called.
> 2. close() calls waitForCloseNotify() -> decode() ->-> socke
On Wed, 17 Mar 2021 17:23:03 GMT, Xue-Lei Andrew Fan wrote:
> Remove redundant lock in SSLSocketImpl.
>
> In the SSLSocketImpl, there is a socket level lock while reading application
> data (see readApplicationRecord).
>
> socketLock.lock();
> try {
>
On Wed, 17 Mar 2021 17:23:03 GMT, Xue-Lei Andrew Fan wrote:
> Remove redundant lock in SSLSocketImpl.
>
> In the SSLSocketImpl, there is a socket level lock while reading application
> data (see readApplicationRecord).
>
> socketLock.lock();
> try {
>
On Wed, 17 Mar 2021 17:23:03 GMT, Xue-Lei Andrew Fan wrote:
> Remove redundant lock in SSLSocketImpl.
>
> In the SSLSocketImpl, there is a socket level lock while reading application
> data (see readApplicationRecord).
>
> socketLock.lock();
> try {
>
27 matches
Mail list logo
