On Tue, 19 Apr 2022 17:16:29 GMT, Daniel Jeliński <djelin...@openjdk.org> wrote:
>> During TLS handshake, hundreds of constraints are evaluated to determine
>> which cipher suites are usable. Most of the evaluations are performed using
>> `HandshakeContext#algorithmConstraints` object. By default that object
>> contains a `SSLAlgorithmConstraints` instance wrapping another
>> `SSLAlgorithmConstraints` instance. As a result the constraints defined in
>> `SSLAlgorithmConstraints` are evaluated twice.
>>
>> This PR improves the default case; if the user-specified constraints are
>> left at defaults, we use a single `SSLAlgorithmConstraints` instance, and
>> avoid duplicate checks.
>
> Daniel Jeliński has updated the pull request incrementally with one
> additional commit since the last revision:
>
> Replace remaining constructors with factory methods
src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java line
94:
> 92: AlgorithmConstraints userSpecifiedConstraints,
> 93: boolean withDefaultCertPathConstraints) {
> 94: if (nullIfDefault(userSpecifiedConstraints) == null) {
Do you wan to check DEFAULT_SSL_ONLY in the nullIfDefault() implementation?
The logic of the block is a little bit hard to understand to me.
src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java line
97:
> 95: return withDefaultCertPathConstraints ? DEFAULT :
> DEFAULT_SSL_ONLY;
> 96: }
> 97: return new SSLAlgorithmConstraints(userSpecifiedConstraints,
> withDefaultCertPathConstraints);
It would be nice to limit each line within 80 characters, which is useful for
terminal users.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8199
