On Thu, 21 Nov 2024 13:01:41 GMT, Sean Coffey wrote:
>> The `javax.net.debug` TLS debug option is buggy since TLSv1.3 implementation
>> was introduced many years ago.
>>
>> Where "ssl" was previously a value to obtain all TLS debug traces (except
>> network type dumps, verbose data), it now pr
On Thu, 21 Nov 2024 22:36:22 GMT, Sean Mullan wrote:
> Specify that the access control context parameters of
> `Subject.doAsPrivileged` are ignored. This spec update was missed as part of
> JEP 486.
Marked as reviewed by alanb (Reviewer).
-
PR Review: https://git.openjdk.org/jdk/
> The `javax.net.debug` TLS debug option is buggy since TLSv1.3 implementation
> was introduced many years ago.
>
> Where "ssl" was previously a value to obtain all TLS debug traces (except
> network type dumps, verbose data), it now prints only a few lines for a
> standard client TLS connectio
On Fri, 15 Nov 2024 19:50:33 GMT, Artur Barashev wrote:
> These cipher suites do not preserve forward-secrecy and are not commonly
> used. Other TLS implementations (ex: Rustls) do not support or enable these
> suites by default. RFC 9325 [1] states that these suites should not be used.
> The
On Mon, 18 Nov 2024 22:40:40 GMT, Kevin Driver wrote:
> JDK-8341775: In the case where there is a *single* META-INF directory but
> potentially *multiple* manifest files of different cases, print a warning
> before selecting the first one and ignoring the rest (the current behavior
> should be
On Tue, 19 Nov 2024 07:06:15 GMT, David Holmes wrote:
>> There was an extern trace_class_resolution() function that called this _impl
>> function that I removed, so renamed this impl function to
>> trace_class_resolution().
>> It's declared extern in jvm.hp file, and this 'extern' qualifier is
On Tue, 19 Nov 2024 18:01:42 GMT, Volodymyr Paprotski
wrote:
>> Measuring throughput with JMH parameters `-f 1 -i 2 -wi 3 -r 20 -w 30 -p
>> algorithm=AES/CBC/NoPadding -p dataSize=3000 -p provider=SunJCE -p
>> keyLength=128 org.openjdk.bench.javax.crypto.full.AESBench`
>>
>> Before:
>>
On Wed, 20 Nov 2024 20:53:35 GMT, Artur Barashev wrote:
>> These cipher suites do not preserve forward-secrecy and are not commonly
>> used. Other TLS implementations (ex: Rustls) do not support or enable these
>> suites by default. RFC 9325 [1] states that these suites should not be used.
>>
> Now that JEP 486 has been integrated, `java.security.jgss` and
> `jdk.security.jgss` module dependencies on `System.getSecurityManager` and
> `AccessController.doPrivileged*` can be removed.
>
> There is an undocumented property named "sun.security.krb5.autodeducerealm"
> that can probably be
On Thu, 21 Nov 2024 06:49:10 GMT, Andrey Turbanov wrote:
>> Sean Mullan has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Fix minor spacing issues.
>
> src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java
>
On Fri, 15 Nov 2024 17:15:15 GMT, Vladimir Ivanov wrote:
>> This patch remove access to the shared variable to fix scalability issue in
>> the multithread environment. According to testing by the
>> specjvm2008::crypto.rsa the one thread performance reduced for less than 1%
>> while the score
On Fri, 15 Nov 2024 17:15:15 GMT, Vladimir Ivanov wrote:
>> This patch remove access to the shared variable to fix scalability issue in
>> the multithread environment. According to testing by the
>> specjvm2008::crypto.rsa the one thread performance reduced for less than 1%
>> while the score
On Thu, 21 Nov 2024 14:03:37 GMT, Sean Mullan wrote:
>> Now that JEP 486 has been integrated, `java.security.jgss` and
>> `jdk.security.jgss` module dependencies on `System.getSecurityManager` and
>> `AccessController.doPrivileged*` can be removed.
>>
>> There is an undocumented property named
On Wed, 13 Nov 2024 21:14:58 GMT, Volodymyr Paprotski
wrote:
> Measuring throughput with JMH parameters `-f 1 -i 2 -wi 3 -r 20 -w 30 -p
> algorithm=AES/CBC/NoPadding -p dataSize=3000 -p provider=SunJCE -p
> keyLength=128 org.openjdk.bench.javax.crypto.full.AESBench`
>
> Before:
>
> Benc
On Wed, 20 Nov 2024 20:27:48 GMT, Ben Perez wrote:
>> Java implementation of ML-KEM, the [FIPS
>> 203](https://csrc.nist.gov/pubs/fips/203/final) post-quantum KEM scheme.
>> Depends on https://github.com/openjdk/jdk/pull/21167
>
> Ben Perez has updated the pull request incrementally with one ad
> Java implementation of ML-DSA, the FIPS 204 post-quantum signature scheme
> https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf. Depends on
> https://github.com/openjdk/jdk/pull/21167
Ben Perez has updated the pull request incrementally with one additional commit
since the last revision:
> Java implementation of ML-KEM, the [FIPS
> 203](https://csrc.nist.gov/pubs/fips/203/final) post-quantum KEM scheme.
> Depends on https://github.com/openjdk/jdk/pull/21167
Ben Perez has updated the pull request incrementally with one additional commit
since the last revision:
Removed traili
On Thu, 21 Nov 2024 22:24:37 GMT, Ben Perez wrote:
>> Java implementation of ML-DSA, the FIPS 204 post-quantum signature scheme
>> https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf. Depends on
>> https://github.com/openjdk/jdk/pull/21167
>
> Ben Perez has updated the pull request increme
On Thu, 21 Nov 2024 21:55:54 GMT, Alexey Bakhtin wrote:
>> Now that JEP 486 has been integrated, the `javax.net.ssl` and
>> `sun.security.ssl` package implementation dependencies on
>> `System.getSecurityManager`, `AccessController.doPrivileged` and
>> `AccessControlContext` can be removed.
>>
On Thu, 21 Nov 2024 22:45:12 GMT, Sean Mullan wrote:
>> src/java.base/share/classes/javax/net/ssl/TrustManagerFactory.java line 72:
>>
>>> 70: * security property to the desired algorithm name.
>>> 71: *
>>> 72: * @see java.security.Security security properties
>>
>> it looks lik
On Thu, 21 Nov 2024 22:29:00 GMT, Ben Perez wrote:
>> Java implementation of ML-KEM, the [FIPS
>> 203](https://csrc.nist.gov/pubs/fips/203/final) post-quantum KEM scheme.
>> Depends on https://github.com/openjdk/jdk/pull/21167
>
> Ben Perez has updated the pull request incrementally with one ad
On Thu, 21 Nov 2024 17:36:03 GMT, Sean Mullan wrote:
> Some additional text in two `javax.net.ssl` APIs related to access control
> context was missed as part of JEP 483. This behavior no longer applies now
> that the Security Manager is permanently disabled and has been removed.
>
> The imple
On Thu, 21 Nov 2024 17:33:23 GMT, Vladimir Ivanov wrote:
>> Vladimir Ivanov has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> 8317538: Potential bottleneck in Provider::getService:
>> specjvm2008::crypto.rsa have scalability issue for hig
On Fri, 25 Oct 2024 18:18:16 GMT, Vladimir Ivanov wrote:
> This patch remove access to the shared variable to fix scalability issue in
> the multithread environment. According to testing by the
> specjvm2008::crypto.rsa the one thread performance reduced for less than 1%
> while the score for
On Fri, 15 Nov 2024 17:15:15 GMT, Vladimir Ivanov wrote:
>> This patch remove access to the shared variable to fix scalability issue in
>> the multithread environment. According to testing by the
>> specjvm2008::crypto.rsa the one thread performance reduced for less than 1%
>> while the score
On Thu, 21 Nov 2024 17:36:03 GMT, Sean Mullan wrote:
> Some additional text in two `javax.net.ssl` APIs related to access control
> context was missed as part of JEP 483. This behavior no longer applies now
> that the Security Manager is permanently disabled and has been removed.
>
> The imple
On Tue, 19 Nov 2024 20:43:25 GMT, Sean Mullan wrote:
> Now that JEP 486 has been integrated, `java.security.jgss` and
> `jdk.security.jgss` module dependencies on `System.getSecurityManager` and
> `AccessController.doPrivileged*` can be removed.
>
> There is an undocumented property named "sun
On Thu, 14 Nov 2024 23:24:33 GMT, Ben Perez wrote:
>> Java implementation of ML-DSA, the FIPS 204 post-quantum signature scheme
>> https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf. Depends on
>> https://github.com/openjdk/jdk/pull/21167
>
> Ben Perez has updated the pull request increme
> Java implementation of ML-KEM, the [FIPS
> 203](https://csrc.nist.gov/pubs/fips/203/final) post-quantum KEM scheme.
> Depends on https://github.com/openjdk/jdk/pull/21167
Ben Perez has updated the pull request incrementally with one additional commit
since the last revision:
removed unnece
Some additional text in two `javax.net.ssl` APIs related to access control
context was missed as part of JEP 483. This behavior no longer applies now that
the Security Manager is permanently disabled and has been removed.
The implementation changes associated with this will be posted in a separa
On Thu, 21 Nov 2024 15:53:28 GMT, Hai-May Chao wrote:
> I’d like to suggest creating a test program (for better long term support)
> that generates a JAR file with multiple manifest entries and then uses
> JarSigner.Builder() and JarSigner.sign(). The JarSigner.sign() will
> ultimately invoke
Specify that the access control context parameters of `Subject.doAsPrivileged`
are ignored. This spec update was missed as part of JEP 486.
-
Commit messages:
- Spec. updates.
Changes: https://git.openjdk.org/jdk/pull/22312/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=2
On Thu, 21 Nov 2024 18:12:20 GMT, Daniel Fuchs wrote:
> Looks reasonable. Good catch. I guess you will need a small CSR for those
> changes?
Yes, already approved: https://bugs.openjdk.org/browse/JDK-8344653
-
PR Comment: https://git.openjdk.org/jdk/pull/22299#issuecomment-2491953
> Java implementation of ML-DSA, the FIPS 204 post-quantum signature scheme
> https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf. Depends on
> https://github.com/openjdk/jdk/pull/21167
Ben Perez has updated the pull request incrementally with one additional commit
since the last revision:
Now that JEP 486 has been integrated, the `javax.net.ssl` and
`sun.security.ssl` package implementation dependencies on
`System.getSecurityManager`, `AccessController.doPrivileged` and
`AccessControlContext` can be removed.
Most of the changes are straightforward: removal of code calling
`Syst
On Thu, 21 Nov 2024 18:29:24 GMT, Sean Mullan wrote:
> Now that JEP 486 has been integrated, the `javax.net.ssl` and
> `sun.security.ssl` package implementation dependencies on
> `System.getSecurityManager`, `AccessController.doPrivileged` and
> `AccessControlContext` can be removed.
>
> Most
On Wed, 20 Nov 2024 15:01:16 GMT, Artur Barashev wrote:
>> SAP complains about SSLSocketNoServerHelloClientShutdown timing out in their
>> test environment (concurrent test execution with high CPU load). This change
>> addresses this issue in 2 ways:
>> - Increase default timeout value
>> - All
> Java implementation of ML-DSA, the FIPS 204 post-quantum signature scheme
> https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf. Depends on
> https://github.com/openjdk/jdk/pull/21167
Ben Perez has updated the pull request incrementally with one additional commit
since the last revision:
This is a follow up to https://github.com/openjdk/jdk/pull/22086 for AES/CTR
Before:
Benchmark(algorithm) (dataSize) (keyLength) (provider)
Mode CntScoreError Units
AESBench.decrypt AES/CTR/NoPadding3000 128 SunJCE
thrpt3 16.491 ± 0
39 matches
Mail list logo
