Hi Xuelei,
<sun/security/ssl/RSASignature.java> There seems to be inconsistency in
whether you can override the internal md5, sha1 digest objects through
the engineSetParameter(String, Object) call. Assuming we no longer need
to override the internal digest objects, we can remove
getInternalInstance(), setHashes(...). Also, not sure how useful is
RSASignature.getInstance() as it simply calls
JsseJce.getSignature(JsseJce.SIGNATURE_SSLRSA);
Still looking at more files, just thought that I will get this to you first.
Valerie
On 2/20/2018 11:57 AM, Xuelei Fan wrote:
Hi,
I'd like to invite you to review the TLS 1.3 full handshake
implementation. I appreciate it if I could have feedback before March
9, 2018.
In the "JDK-8185576: New handshake implementation" [1] code review
around, I was trying to re-org the TLS handshaking implementation in the
SunJSSE provider. If you had reviewed that part, you can start from
the following webrev that based on the update of JDK-8185576:
http://cr.openjdk.java.net/~xuelei/8196584/webrev-step.00
If you would like start from earlier, here is the webrev that contains
the handshaking implementation re-org in JDK-8185576:
http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00
This changeset only implements the full handshake of TLS 1.3, rather
then a fully implementation of the latest TLS 1.3 draft [2].
In this implementation, I removed:
1. the KRB5 cipher suite implementation.
Please let me know if you are still using KRB5 cipher suite. I may
not add them back if no objections.
2. OCSP stapling.
This feature will be added back later.
Resumption and key update, and more features may be added later.
Thanks & Regards,
Xuelei
[1]:
http://mail.openjdk.java.net/pipermail/security-dev/2017-December/016642.html
[2]: https://tools.ietf.org/html/draft-ietf-tls-tls13-24
