On Wed, 13 Apr 2022 20:32:02 GMT, Daniel Jeliński <[email protected]> wrote:
>> During TLS handshake, hundreds of constraints are evaluated to determine
>> which cipher suites are usable. Most of the evaluations are performed using
>> `HandshakeContext#algorithmConstraints` object. By default that object
>> contains a `SSLAlgorithmConstraints` instance wrapping another
>> `SSLAlgorithmConstraints` instance. As a result the constraints defined in
>> `SSLAlgorithmConstraints` are evaluated twice.
>>
>> This PR improves the default case; if the user-specified constraints are
>> left at defaults, we use a single `SSLAlgorithmConstraints` instance, and
>> avoid duplicate checks.
>
> Daniel Jeliński has updated the pull request incrementally with one
> additional commit since the last revision:
>
> Avoid nesting SSLAlgorithmConstraints
src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java line
73:
> 71:
> 72: static AlgorithmConstraints wrap(AlgorithmConstraints
> userSpecifiedConstraints) {
> 73: if (userSpecifiedConstraints == DEFAULT) {
Maybe, DEFAULT could be returned for null userSpecifiedConstraints.
- if (userSpecifiedConstraints == DEFAULT) {
+ if (userSpecifiedConstraints == null &&
+ userSpecifiedConstraints== DEFAULT) {
-------------
PR: https://git.openjdk.java.net/jdk/pull/8199
