Re: Code Review Request: TLS 1.3 Implementation

Fri, 15 Jun 2018 09:28:46 -0700 

On 06/15/2018 06:53 AM, Xuelei Fan wrote:

SSLCipher.java
--------------
In the implementation, the key usage impacts the write side only.   I think the read side should also limit the key usage. 


I remember it being discussed many many months ago we at first planned 
to do the read side, but then decided it was not necessary.  Are we 
changing the decision?




The crypto limit issues applies to TLS 1.2 and prior versions as well.



I know we talked about doing this but I believe we decided against doing 
this because in prior versions can ignore HelloRequest and other 
complications that could cause sessions to be disconnected.  I think it 
was also a nice to have but 1.3 was more important, prior version could 
be done later.




Xuelei

On 6/8/2018 10:21 AM, Xuelei Fan wrote:

Here is the 3rd full webrev:
    http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.02

and the delta update to the 1st webrev:
    http://cr.openjdk.java.net/~xuelei/8196584/webrev-delta.01

Xuelei

On 6/3/2018 9:43 PM, Xuelei Fan wrote:

Hi,

Here it the 2nd full webrev:
   http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.01

and the delta update to the 1st webrev:
   http://cr.openjdk.java.net/~xuelei/8196584/webrev-delta.00/

Xuelei

On 5/25/2018 4:45 PM, Xuelei Fan wrote:

Hi,


I'd like to invite you to review the TLS 1.3 implementation.  I 
appreciate it if I could have compatibility and specification 
feedback before May 31, 2018, and implementation feedback before 
June 7, 2018.


Here is the webrev:
     http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00


The formal TLS 1.3 specification is not finalized yet, although it 
had been approved to be a standard.  The implementation is based on 
the draft version 28:

     https://tools.ietf.org/html/draft-ietf-tls-tls13-28


For the overall description of this enhancement, please refer to JEP 
332:

     http://openjdk.java.net/jeps/332


For the compatibility and specification update, please refer to CSR 
8202625:

     https://bugs.openjdk.java.net/browse/JDK-8202625


Note that we are using the sandbox for the development right now. 
For more information, please refer to Bradford's previous email:



http://mail.openjdk.java.net/pipermail/security-dev/2018-May/017139.html 



Thanks & Regards,
Xuelei

























					Reply via email to