Looks good to me.
Xuelei
On 6/27/2019 1:05 AM, sha.ji...@oracle.com wrote:
Hi,
Because Siba has to be offline for some days, now I take over this task.
Please review this updated webrev:
http://cr.openjdk.java.net/~jjiang/8224650/webrev.01/
It covers more cipher suites, and changes SSLSocketTemplate.java on
creating SSL context.
Now, SSLSocketTemplate.java contains new ECDSA certificates on curves
secp384r1 and secp521r1.
But these new certificates are not used by default.
Run all tests in test/jdk/javax/net/ssl and test/jdk/sun/security/ssl,
no failure raised.
Best regards,
John Jiang
On 2019/6/21 16:22, sha.ji...@oracle.com wrote:
Hi Siba,
I have some minor comments.
Now that JDK-8225766 has been fixed, I suppose this test can cover
some ECDHE_ECDSA cipher suites.
48 private static volatile int index;
...
56 for (String c : getCiphers(protocols[index], args[0])) {
...
66 String[] ps = new String[]{protocols[index]};
Could it directly use the protocol value, but not the index in the
protocol array?
Could these cases run concurrently? Otherwise, volatile may be
unnecessary.
In fact, I think both of parameters cipher and index (or directly
protocol) would not be static.
They would be the members of class NamedGroupsWithCipherSuite, and can
be passed to the class constructor.
Then, every case run, say "new NamedGroupsWithCipherSuite(cipher,
protocol).run()", could not concern these TLS parameters are modified
by others.
123 /**
124 * Get some TLSv1.1 supported ciphers.
125 */
126 private static List<String> tlsCiphers() {
...
131
132 /**
133 * Get some TLSv1.1 supported ciphers.
134 */
135 private static List<String> dheCiphers() {
The above methods would have different docs.
More spaces would be needed in the array initialization statements,
for example,
66 String[] ps = new String[]{protocols[index]};
71 socket.setEnabledCipherSuites(new String[]{cipher});
Of course, this point is trivial.
Best regards,
John Jiang
On 2019/6/21 14:59, Sibabrata Sahoo wrote:
Hi Xuelei/Brad,
Please review the patch for,
JBS: https://bugs.openjdk.java.net/browse/JDK-8224650
Webrev: http://cr.openjdk.java.net/~ssahoo/8224650/webrev.00/
This is a small Test inherited from “SSLSocketTemplate” and reuse
most part of it. The only difference is, it uses supported named
groups along with a fixed set of ciphers supported with different TLS
protocols. Though there are large number of supported ciphers but I
have selected few to ensure the Test does not take much time to
complete the execution. Please let me know if you have any suggestion
for improvement.
Thanks,
Siba
