On 6/15/2018 9:27 AM, Anthony Scarpino wrote:
On 06/15/2018 06:53 AM, Xuelei Fan wrote:
SSLCipher.java
--------------
In the implementation, the key usage impacts the write side only. I
think the read side should also limit the key usage.
I remember it being discussed many many months ago we at first planned
to do the read side, but then decided it was not necessary. Are we
changing the decision?
It is a little bit tricky that the key and iv update triggers the write
side key/iv update only. If the peer does not implement the key usage
limit, and the local read a large bunch of data, there is a risk to
exceed the key usage limit. It might worthy an improvement by adding
the read side key usage limit later.
The crypto limit issues applies to TLS 1.2 and prior versions as well.
I know we talked about doing this but I believe we decided against doing
this because in prior versions can ignore HelloRequest and other
complications that could cause sessions to be disconnected. I think it
was also a nice to have but 1.3 was more important, prior version could
be done later.
Yes, we can do it later.
I added a track in the JBS:
https://bugs.openjdk.java.net/browse/JDK-8204636
Xuelei
Xuelei
On 6/8/2018 10:21 AM, Xuelei Fan wrote:
Here is the 3rd full webrev:
http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.02
and the delta update to the 1st webrev:
http://cr.openjdk.java.net/~xuelei/8196584/webrev-delta.01
Xuelei
On 6/3/2018 9:43 PM, Xuelei Fan wrote:
Hi,
Here it the 2nd full webrev:
http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.01
and the delta update to the 1st webrev:
http://cr.openjdk.java.net/~xuelei/8196584/webrev-delta.00/
Xuelei
On 5/25/2018 4:45 PM, Xuelei Fan wrote:
Hi,
I'd like to invite you to review the TLS 1.3 implementation. I
appreciate it if I could have compatibility and specification
feedback before May 31, 2018, and implementation feedback before
June 7, 2018.
Here is the webrev:
http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00
The formal TLS 1.3 specification is not finalized yet, although it
had been approved to be a standard. The implementation is based on
the draft version 28:
https://tools.ietf.org/html/draft-ietf-tls-tls13-28
For the overall description of this enhancement, please refer to
JEP 332:
http://openjdk.java.net/jeps/332
For the compatibility and specification update, please refer to CSR
8202625:
https://bugs.openjdk.java.net/browse/JDK-8202625
Note that we are using the sandbox for the development right now.
For more information, please refer to Bradford's previous email:
http://mail.openjdk.java.net/pipermail/security-dev/2018-May/017139.html
Thanks & Regards,
Xuelei
