On Mon, 4 Nov 2024 15:53:21 GMT, Artur Barashev <[email protected]> wrote:
>> src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java
>> line 91:
>>
>>> 89: // Wild card matching
>>> 90: for (String p : algorithms) {
>>> 91: if (Pattern.compile(p.replace("*", ".*"),
>>> Pattern.CASE_INSENSITIVE)
>>
>> What is the performance impact of this change in terms of both allocations
>> and duration of compiling and matching this regex on overall handshake?
>>
>> My sense is that this is going to be very expensive for TLS connection
>> overhead.
>
> Good point, thanks! This is just a proof of concept draft at this point.
> We'll work on optimization if we decide to go with this design.
`DisabledAlgorithmConstraints` already caches the results of `checkAlgorithm
call`, so we should have no performance impact after the 1st handshake.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21841#discussion_r1829354446
