Looks fine to me.
Thanks,
Xuelei
On 6/26/2018 12:09 AM, Sibabrata Sahoo wrote:
Hi Xuelei,
Please review the updated webrev:
http://cr.openjdk.java.net/~ssahoo/8205111/webrev.01/
- Now rsa_pss_pss* uses " DHE or ECDHE_RSA " ciphers for TLSv1.2 which is
working fine now.
- Additional code added for " read/write " after re-handshake.
John,
- PKCS12 used instead of JKS.
- Comment section for private key updated.
- try with resource used for socket.
- "clientRenegoReady" variable is actually used and updated. Please check the
Client section too. It is used for re-handshake completion. Yes it Is working as expected.
- Multiple @run added to have the flexibility to change the parameter(Cipher)
which are not in order(shuffled).
Thanks,
Siba
-----Original Message-----
From: Xuelei Fan
Sent: Thursday, June 21, 2018 7:28 PM
To: Sibabrata Sahoo <sibabrata.sa...@oracle.com>; security-dev@openjdk.java.net
Subject: Re: [11] RFR: JDK-8205111: Develop new Test to verify different key
types for supported TLS protocols.
Note that rsa_pss_pss cannot work with TLS_RSA_WITH cipher suites, as this
algorithm is limited to signature whiel TLS_RSA cipher suites need key
encipherment. In lines 135-156, you can replace the TLS_RSA cipher suite with
DHE or ECDHE_RSA.
For the re-handshake part, please read/write something after the call to
startHandshake() in each side. Otherwise, the key-update and session
resumption may not complete before socket close.
Otherwise, looks fine to me.
Thanks,
Xuelei
On 6/20/2018 11:58 PM, Sibabrata Sahoo wrote:
Hi Xuelei,
Please review the patch for,
JBS: https://bugs.openjdk.java.net/browse/JDK-8205111
Webrev: http://cr.openjdk.java.net/~ssahoo/8205111/webrev.00/
Change:
This Test file verifies all TLS protocols with the supported keytypes.
Thanks,
Siba
