On Tue, 23 Jun 2026 12:44:57 GMT, Andreas Chmielewski 
<[email protected]> wrote:

> These mappings were previously missing, causing
> jdk.tls.disabledAlgorithms constraints using component names (e.g.
> "AES_128_GCM", "AES_256_GCM", "CHACHA20_POLY1305") to not
> consistently match the corresponding TLS cipher suites.
> 
> ---------
> - [x] I confirm that I make this contribution in accordance with the 
> [OpenJDK Interim AI Policy](https://openjdk.org/legal/ai).

Hi, thanks for the review.

I have addressed most of the comments. The only remaining point is adding an 
exception‑throwing default clause to the switch in SSLAlgorithmDecomposer. I’m 
not entirely convinced this is a good idea, as it could introduce regressions 
if new or currently unhandled cases appear at runtime.

Regarding the test BulkCipherDisabledAlgorithms: it is designed to iterate over 
all supported cipher suites and validate their behavior with respect to 
jdk.tls.disabledAlgorithms. For each suite, the test verifies both visibility 
(via enabled cipher suites) and actual usability (via handshake 
success/failure), ensuring consistent behavior across different bulk cipher 
configurations.

What do you think? Thx!

-------------

PR Comment: https://git.openjdk.org/jdk/pull/31633#issuecomment-4833287815
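
The visibility half of the check described in the message above, as an added example that is not code from the PR or from its author. The class name, the one-component-per-run design and the substring match on suite names are assumptions of this example; the handshake half is not covered.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Hypothetical probe class, not the BulkCipherDisabledAlgorithms test itself.
public class DisabledBulkCipherProbe {
    // Component names quoted in the PR description.
    static final String[] COMPONENTS =
            {"AES_128_GCM", "AES_256_GCM", "CHACHA20_POLY1305"};

    // Suites whose standard name contains the component.
    // Name-based matching is a heuristic chosen for this example.
    static List<String> matching(String[] suites, String component) {
        List<String> out = new ArrayList<>();
        for (String suite : suites) {
            if (suite.contains(component)) {
                out.add(suite);
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Probe one component per JVM run, and set the property before any
        // JSSE class is touched so the constraint is in effect when the
        // provider builds its cipher suite lists.
        String component = args.length > 0 ? args[0] : COMPONENTS[0];
        Security.setProperty("jdk.tls.disabledAlgorithms", component);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);
        SSLEngine engine = ctx.createSSLEngine();

        // Any suite listed here is still offered despite the constraint.
        List<String> stillEnabled =
                matching(engine.getEnabledCipherSuites(), component);
        for (String suite : stillEnabled) {
            System.out.println("still enabled: " + suite);
        }
        System.out.println(component + ": " + stillEnabled.size()
                + " matching suite(s) remain enabled");

        // Non-zero exit lets a CI job flag a runtime that ignores the name.
        System.exit(stillEnabled.isEmpty() ? 0 : 1);
    }
}
```

Run it once per component name, each in a fresh JVM, and compare the exit codes across the JDK builds in use.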
