Oops, another place needs change http://hg.openjdk.java.net/jdk/sandbox/rev/64aa781522be
--Max > On Jun 7, 2018, at 11:03 PM, Xuelei Fan <xuelei....@oracle.com> wrote: > > Looks fine to me. Thanks! > > Xuelei > > On 6/7/2018 8:01 AM, Weijun Wang wrote: >> Still at >> http://cr.openjdk.java.net/~weijun/9999999/webrev.more-krb5-cleanup/ >> I keep the existing unsupported KRB5 ciphersuites and move the 10 previously >> supported ones there. >> --Max >>> On Jun 7, 2018, at 10:49 PM, Weijun Wang <weijun.w...@oracle.com> wrote: >>> >>> >>> >>>> On Jun 7, 2018, at 10:47 PM, Xuelei Fan <xuelei....@oracle.com> wrote: >>>> >>>> CipherSuite.java >>>> ---------------- >>>> I think we may still want to have KRB5 cipher suite in the unsupported >>>> list, as we did for from line 455. >>>> >>>> - TLS_KRB5_WITH_3DES_EDE_CBC_SHA( >>>> - 0x001F, false, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", "", >>>> - ProtocolVersion.PROTOCOLS_TO_T12, >>>> - K_KRB5, B_3DES, M_SHA, H_SHA256), >>>> + TLS_KRB5_WITH_3DES_EDE_CBC_SHA("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", >>>> 0x001F), >>> >>> Or >>> >>> CS_001F("TLS_KRB5_WITH_3DES_EDE_CBC_SHA", 0x001F), >>> >>> which matches the naming style of other unsupported CS. >>> >>> --Max >>> >>>> >>>> I may prefer to have lines 545-549 (old lines) there as unsupported cipher >>>> suites. >>>> >>>> Otherwise, looks fine to me. >>>> >>>> Thanks, >>>> Xuelei >>>> >>>> >>>> On 6/7/2018 7:41 AM, Weijun Wang wrote: >>>>> Please take a review >>>>> http://cr.openjdk.java.net/~weijun/9999999/webrev.more-krb5-cleanup/ >>>>> --Max >>>>>> On Jun 7, 2018, at 10:24 PM, Xuelei Fan <xuelei....@oracle.com> wrote: >>>>>> >>>>>>> Yes, please KRB5 cipher suite from the supported list. >>>>>> Typo: Yes, please remove KRB5 cipher suite from the supported list. >>>>>> >>>>>> On 6/7/2018 7:23 AM, Xuelei Fan wrote: >>>>>>> Yes, please KRB5 cipher suite from the supported list. >>>>>>> For the public APIs part, please leave it as it is before we deprecate >>>>>>> the specification. Some other JSSE provider might still support KRB5 >>>>>>> cipher suites. >>>>>>> Xuelei >>>>>>> On 6/7/2018 1:45 AM, Weijun Wang wrote: >>>>>>>> And there are the Kerberos word in public APIs: >>>>>>>> >>>>>>>> share/classes/javax/net/ssl/SSLContext.java >>>>>>>> 336: * Some cipher suites (such as Kerberos) require remote >>>>>>>> hostname >>>>>>>> 366: * Some cipher suites (such as Kerberos) require remote >>>>>>>> hostname >>>>>>>> >>>>>>>> share/classes/javax/net/ssl/HttpsURLConnection.java >>>>>>>> 106: * such as Kerberos, will throw an SSLPeerUnverifiedException. >>>>>>>> 130: * such as Kerberos. >>>>>>>> 134: * KerberosPrincipal for Kerberos cipher suites. >>>>>>>> 158: * return null for non-certificate based ciphersuites, such as >>>>>>>> Kerberos. >>>>>>>> 162: * KerberosPrincipal for Kerberos cipher suites. If no >>>>>>>> principal was >>>>>>>> >>>>>>>> share/classes/javax/net/ssl/SSLContextSpi.java >>>>>>>> 90: * Some cipher suites (such as Kerberos) require remote hostname >>>>>>>> 110: * Some cipher suites (such as Kerberos) require remote >>>>>>>> hostname >>>>>>>> >>>>>>>> share/classes/javax/net/ssl/SSLEngine.java >>>>>>>> 395: * Some cipher suites (such as Kerberos) require remote >>>>>>>> hostname >>>>>>>> 397: * constructor to use Kerberos. >>>>>>>> >>>>>>>> share/classes/javax/net/ssl/SSLSession.java >>>>>>>> 221: * such as Kerberos, will throw an SSLPeerUnverifiedException. >>>>>>>> 264: * such as Kerberos, will throw an SSLPeerUnverifiedException. >>>>>>>> 295: * KerberosPrincipal for Kerberos cipher suites. >>>>>>>> 313: * KerberosPrincipal for Kerberos cipher suites. If no >>>>>>>> principal was >>>>>>>> >>>>>>>> share/classes/javax/net/ssl/HandshakeCompletedEvent.java >>>>>>>> 122: * such as Kerberos, will throw an SSLPeerUnverifiedException. >>>>>>>> 145: * such as Kerberos, will throw an SSLPeerUnverifiedException. >>>>>>>> 178: * KerberosPrincipal for Kerberos cipher suites. >>>>>>>> 208: * KerberosPrincipal for Kerberos cipher suites. If no >>>>>>>> principal was >>>>>>>> >>>>>>>> --Max >>>>>>>> >>>>>>>>> On Jun 7, 2018, at 4:31 PM, Weijun Wang <weijun.w...@oracle.com> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>> I still see K_KRB5 KeyExchange and TLS_KRB5_WITH_3DES_EDE_CBC_SHA etc >>>>>>>>> in CipherSuite.java. Shall I also remove them. >>>>>>>>> >>>>>>>>> Thanks >>>>>>>>> Max >>>>>>>>> >>>>>>>> >>>
