On Fri, 22 Oct 2021 18:45:31 GMT, Xue-Lei Andrew Fan <xue...@openjdk.org> wrote:
>> The current code that changes cipher suites disposes the new suite instead >> of the old one, which usually silently fails. This patch fixes the code to >> dispose the old instance instead. >> >> DTLS appears to be unaffected: DTLSOutputRecord keeps 2 ciphers and >> correctly [disposes the old >> one](https://github.com/openjdk/jdk/blob/739769c8fc4b496f08a92225a12d07414537b6c0/src/java.base/share/classes/sun/security/ssl/DTLSOutputRecord.java#L106), >> and DTLSInputRecord [doesn't dispose >> anything](https://github.com/openjdk/jdk/blob/4b9303b77b43d890ebacbec38b4ac5db7e171886/src/java.base/share/classes/sun/security/ssl/DTLSInputRecord.java#L57) > > Did you want to cover the update for line 222 at OutputRecord.java as well? Thanks @XueleiFan , but I guess this needs a bit more love. Just finished running jdk_security tests, and a few tests failed, apparently related: javax/net/ssl/SSLEngine/NoAuthClientAuth.java javax/net/ssl/TLSv1/TLSRehandshakeTest.java javax/net/ssl/TLSv1/TLSRehandshakeWithCipherChangeTest.java javax/net/ssl/TLSv1/TLSRehandshakeWithDataExTest.java javax/net/ssl/TLSv11/TLSRehandshakeTest.java javax/net/ssl/TLSv11/TLSRehandshakeWithDataExTest.java I'll see if I can figure this out. ------------- PR: https://git.openjdk.java.net/jdk/pull/6084
