On Tue, 19 Apr 2022 17:16:29 GMT, Daniel Jeliński <djelin...@openjdk.org> wrote:
>> During TLS handshake, hundreds of constraints are evaluated to determine >> which cipher suites are usable. Most of the evaluations are performed using >> `HandshakeContext#algorithmConstraints` object. By default that object >> contains a `SSLAlgorithmConstraints` instance wrapping another >> `SSLAlgorithmConstraints` instance. As a result the constraints defined in >> `SSLAlgorithmConstraints` are evaluated twice. >> >> This PR improves the default case; if the user-specified constraints are >> left at defaults, we use a single `SSLAlgorithmConstraints` instance, and >> avoid duplicate checks. > > Daniel Jeliński has updated the pull request incrementally with one > additional commit since the last revision: > > Replace remaining constructors with factory methods src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java line 94: > 92: AlgorithmConstraints userSpecifiedConstraints, > 93: boolean withDefaultCertPathConstraints) { > 94: if (nullIfDefault(userSpecifiedConstraints) == null) { Do you wan to check DEFAULT_SSL_ONLY in the nullIfDefault() implementation? The logic of the block is a little bit hard to understand to me. src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java line 97: > 95: return withDefaultCertPathConstraints ? DEFAULT : > DEFAULT_SSL_ONLY; > 96: } > 97: return new SSLAlgorithmConstraints(userSpecifiedConstraints, > withDefaultCertPathConstraints); It would be nice to limit each line within 80 characters, which is useful for terminal users. ------------- PR: https://git.openjdk.java.net/jdk/pull/8199