> Introduce lazy static initialization logic to SSLContextImpl via use of the > new LazyConstant API and improve logging output > > As per JBS comments: > > * Each subclass of AbstractTLSContext (TLSv10. TLSv11 etc) is being > initialization at framework initialization time due to the > getApplicableSupportedCipherSuites(..) calls made in static block. Such calls > are unnecessary if the subclass isn't required. This is especially true for > the default JDK configuration where TLSv10, TLSv11 protocols are disabled. > I've moved logic to lazy initialization of these fields via LazyConstant > > * The debug prints output never made clear what protocol version each cipher > suite was being disabled for. Improved logging there > * The debug prints never printed out the resulting set of enabled/allowed > cipher suites > > There's efficiency gain also in having one less call to the > getApplicableEnabledCipherSuites method in the scenario where customized > cipher suites are not in use. > > example of new debug output: > > > javax.net.ssl|TRACE|30|main|2025-11-26 14:31:31.997 > GMT|SSLContextImpl.java:425|Ignore disabled cipher suites for > protocols:[TLSv1.3, TLSv1.2] > [TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 > TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 > TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA > TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384 > TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA > TLS_RSA_WITH_AES_128_CBC_SHA] > javax.net.ssl|TRACE|30|main|2025-11-26 14:31:31.997 > GMT|SSLContextImpl.java:425|Available cipher suites for protocols:[TLSv1.3, > TLSv1.2] > [TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 > TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 > TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 > TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 > TLS_ECDHE_E...
Sean Coffey has updated the pull request incrementally with one additional commit since the last revision: Remove verbose component from test ------------- Changes: - all: https://git.openjdk.org/jdk/pull/28511/files - new: https://git.openjdk.org/jdk/pull/28511/files/ed4c5687..14086670 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=28511&range=06 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28511&range=05-06 Stats: 7 lines in 1 file changed: 0 ins; 1 del; 6 mod Patch: https://git.openjdk.org/jdk/pull/28511.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/28511/head:pull/28511 PR: https://git.openjdk.org/jdk/pull/28511
