Hi Thomas,
The TLS cipher suites have been decoupled from the ChaCha20/Poly1305 JEP
because of the changes in the new handshake design [1] for our JSSE
provider. From a programmatic/schedule perspective, it made more sense
to get the algorithms in ahead of the TLS cipher suites and then add the
cipher suites once the handshaking code is a bit farther along in its
implementation.
With respect to a pluggable interface for TLS cipher suites and hello
extensions, this is an area we have done some investigation on in the
past, but haven't seriously pursued it due to other features taking a
higher priority in each release. It is certainly a topic that we can
discuss on the alias in terms of how one would go about doing it.
It appears that you've signed an OCA (Oracle Contributor Agreement) but
I would probably start with discussions on designing APIs for plugging
in extensions and/or cipher suites before we start looking at code.
Your thoughts on the design for these features would be welcome.
[1] http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.01/
--Jamil
On 3/22/2018 3:26 PM, Thomas Lußnig wrote:
Hi,
is there any reason that the cipher and and the tls inclusion is split
into two separate jep?
And the second question is why is there no way for user to add new
cipher suites that can
be used in the tls protocol? Since i extend jdk8 with chacha for tls i
know that it would be
no big issue to add an API that allow to add new CipherSuites this
would be an great improvement
if the TLS-Protocol and the CIPHER-Implementation is more loose coupled.
Also an plugin system for TLS-Hello Extensions would be great.
Gruß Thomas
On 3/22/2018 10:19 PM, mark.reinh...@oracle.com wrote:
New JEP Candidate: http://openjdk.java.net/jeps/329
- Mark
