Hey Valerie,

There are a few calls in this code where an exception is thrown if a bad version is received. It's code that already existed, but would you mind enhancing the exceptions to print the version while editing the code there ?
e.g. P11TlsKeyMaterialGenerator.java
+             throw new InvalidAlgorithmParameterException
+                    ("Only" + (supportSSLv3? " SSL 3.0,": "") +
+                     " TLS 1.0, and TLS 1.1 are supported");


Regards,
Sean.

On 21/09/16 18:28, Valerie Peng wrote:
Good catch, I have fixed all three and updated the webrev:
http://cr.openjdk.java.net/~valeriep/8136355/webrev.01

Thanks for the prompt review~
Valerie

On 9/20/2016 8:11 PM, Xuelei Fan wrote:
P11TlsKeyMaterialGenerator.java
102-106:
There is a bug in the previous code. "&&" should be replaced with "||".
-   (version < 0x0300) && (version > 0x0302)
+   (version < 0x0300) || (version > 0x0302)

The other two have the same issues.  Otherwise, looks fine to me.

BTW, if client request to negotiate SSLv3, the server may not be able to select other crypto provider that supports SSLv3 at present. We may want a further enhancement later. As SSLv3 is fading out, this enhancement may be not our priority. I filed a P3 RFE (JDK-8166425) for the tracking.

Xuelei


On 9/20/2016 8:31 AM, Valerie Peng wrote:
Xuelei,

Could you please help reviewing this change?

There are quite a few test failures on Solaris 12 due to the removal of
Solaris PKCS11 SSL3 mechanisms which SunPKCS11 provider assume to be
always present. I updated relevant classes as well as regression tests
to skip SSL3 testing when the support isn't there.

Bug: https://bugs.openjdk.java.net/browse/JDK-8136355
Webrev: http://cr.openjdk.java.net/~valeriep/8136355/webrev.00/

Thanks,
Valerie


Reply via email to