That one was hard to see. Pushed. Thanks, Martin
> -----Original Message----- > From: Hohensee, Paul <[email protected]> > Sent: Donnerstag, 8. April 2021 23:36 > To: Doerr, Martin <[email protected]>; Langer, Christoph > <[email protected]>; jdk-updates-dev <jdk-updates- > [email protected]>; security-dev <[email protected]> > Cc: Lindenmaier, Goetz <[email protected]> > Subject: RE: [11u] RFR: 8226374: Restrict TLS signature schemes and named > groups > > Ouch, missed that. Good to go. > > Thanks, > Paul > > -----Original Message----- > From: "Doerr, Martin" <[email protected]> > Date: Thursday, April 8, 2021 at 2:53 AM > To: "Hohensee, Paul" <[email protected]>, "Langer, Christoph" > <[email protected]>, jdk-updates-dev <jdk-updates- > [email protected]>, security-dev <[email protected]> > Cc: "Lindenmaier, Goetz" <[email protected]> > Subject: RE: [11u] RFR: 8226374: Restrict TLS signature schemes and named > groups > > Hi Paul and Christoph, > > thank you for the review and the approval. > > I've added the blank line. > In addition, I've reviewed the whole change again and found a copy & paste > bug in my webrev.00: > SECT283_K1(0x0009, "sect283k1", true, > NamedGroupSpec.NAMED_GROUP_ECDHE, > ProtocolVersion.PROTOCOLS_TO_12, > - CurveDB.lookup("sect163k1")), > + CurveDB.lookup("sect283k1")), > > This is the version I'm planning to push: > http://cr.openjdk.java.net/~mdoerr/8226374_TLS_11u/webrev.01/ > > Tests have passed. > > Best regards, > Martin > > > > -----Original Message----- > > From: Hohensee, Paul <[email protected]> > > Sent: Donnerstag, 8. April 2021 01:01 > > To: Langer, Christoph <[email protected]>; Doerr, Martin > > <[email protected]>; jdk-updates-dev <jdk-updates- > > [email protected]>; security-dev <[email protected]> > > Cc: Lindenmaier, Goetz <[email protected]> > > Subject: RE: [11u] RFR: 8226374: Restrict TLS signature schemes and named > > groups > > > > Hmm, could have sworn... > > > > Thanks, > > Paul > > > > -----Original Message----- > > From: "Langer, Christoph" <[email protected]> > > Date: Wednesday, April 7, 2021 at 3:16 PM > > To: "Hohensee, Paul" <[email protected]>, "Doerr, Martin" > > <[email protected]>, jdk-updates-dev <jdk-updates- > > [email protected]>, security-dev <[email protected]> > > Cc: "Lindenmaier, Goetz" <[email protected]> > > Subject: RE: [11u] RFR: 8226374: Restrict TLS signature schemes and named > > groups > > > > Hi Paul, > > > > thanks for the review. The CSR that Martin mentions is the one that Oracle > > has filed for 11.0.12-oracle. so we can simply reuse it. > > > > As for 13, there exists a CSR as well: JDK-8256335 > > > > Best regards > > Christoph > > > > > -----Original Message----- > > > From: Hohensee, Paul <[email protected]> > > > Sent: Mittwoch, 7. April 2021 23:42 > > > To: Doerr, Martin <[email protected]>; jdk-updates-dev <jdk- > > updates- > > > [email protected]>; security-dev <[email protected]> > > > Cc: Lindenmaier, Goetz <[email protected]>; Langer, > Christoph > > > <[email protected]> > > > Subject: Re: [11u] RFR: 8226374: Restrict TLS signature schemes and > named > > > groups > > > > > > The backport looks fine, except there's a missing blank line after > > FFDHE_2048 > > > in NamedGroup.java. :) Thanks for filing a CSR (there doesn't seem to be > > one > > > for the 13u backport: perhaps Yan will add one after the fact). I'm not a > > > security person, so it would be great if someone who is reviews the CSR > to > > > see if there are any 11u-specific issues with it. > > > > > > Thanks, > > > Paul > > > > > > -----Original Message----- > > > From: jdk-updates-dev <[email protected]> on > > > behalf of "Doerr, Martin" <[email protected]> > > > Date: Wednesday, April 7, 2021 at 9:10 AM > > > To: jdk-updates-dev <[email protected]>, security-dev > > > <[email protected]> > > > Cc: "Lindenmaier, Goetz" <[email protected]>, "Langer, > > > Christoph" <[email protected]> > > > Subject: [11u] RFR: 8226374: Restrict TLS signature schemes and named > > > groups > > > > > > Hi, > > > > > > JDK-8226374 is backported to 11.0.12-oracle. I'd like to backport it for > parity. > > > It doesn't apply cleanly. I've taken the 13u backport as source because it > > > resolves the wrong backport order with JDK-8242141. > > > > > > Bug: > > > https://bugs.openjdk.java.net/browse/JDK-8226374 > > > > > > 11u CSR: > > > https://bugs.openjdk.java.net/browse/JDK-8264555 > > > > > > Original change (JDK14): > > > https://hg.openjdk.java.net/jdk/jdk/rev/a93b7b28f644 > > > > > > 13u backport: > > > https://github.com/openjdk/jdk13u-dev/commit/384445d2 > > > > > > 11u rejected hunks (integrated manually): > > > > > > http://cr.openjdk.java.net/~mdoerr/8226374_TLS_11u/8226374_TLS_rej.txt > > > > > > my new 11u backport: > > > http://cr.openjdk.java.net/~mdoerr/8226374_TLS_11u/webrev.00/ > > > > > > Please review. > > > > > > Best regards, > > > Martin > > > > > >
