On Mon, 29 Jun 2026 15:20:33 GMT, Artur Barashev <[email protected]> wrote:

>> Andreas Chmielewski has updated the pull request incrementally with one 
>> additional commit since the last revision:
>> 
>>   Review Comments
>
> test/jdk/javax/net/ssl/ciphersuites/BulkCipherDisabledAlgorithms.java line 77:
> 
>> 75:     private static List<String[]> buildTests() throws 
>> NoSuchAlgorithmException {
>> 76:         List<String[]> tests = new ArrayList<>();
>> 77:         CipherSuite[] suites = getCipherSuites(false);
> 
> We are getting cipher suites here with the default 
> `jdk.tls.disabledAlgorithms` security property set. We need to clear it 
> (first line in `main`) to cover all possible cipher suites.

That’s a good point, thanks!

My test consists of two sub-tests (testCipherSuiteVisibility and 
testHandshake). After clearing jdk.tls.disabledAlgorithms (to cover all 
possible cipher suites), iterating over getSupportedCipherSuites() works fine 
for testCipherSuiteVisibility, since the goal is to verify which suites are 
filtered out by the security property.

However, for testHandshake this approach leads to failures for some supported 
cipher suites that are not actually handshakeable (e.g., Unsupported signature 
algorithm: DSA for DHE_DSS suites, or anonymous cipher suites which are not 
enabled by default). These failures are unrelated to the behavior under test.

Therefore, for the handshake test it seems necessary to restrict the set to 
suites that are both enabled by default and handshakeable (e.g., using 
getEnabledCipherSuites()), while still using the full supported set for the 
visibility checks.

@artur-oracle What do you think?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/31633#discussion_r3493999359
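
An added illustration of the two suite sets discussed in this message (not code from the pull request or from the JDK test): it clears `jdk.tls.disabledAlgorithms` before first JSSE use, then separates the full supported list from the default-enabled list. The class name `SuiteSets` is hypothetical, and leaving `TLS_EMPTY_RENEGOTIATION_INFO_SCSV` out of the handshake set is an assumption of this example.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.SSLContext;

// Hypothetical class name; not part of the PR.
public class SuiteSets {

    // Signalling value rather than a real cipher suite; it cannot be
    // negotiated on its own, so it is excluded from both derived sets.
    private static final String SCSV = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV";

    public static void main(String[] args) throws Exception {
        // Clear the property before any JSSE class is touched, so the
        // provider does not apply the default restrictions when it
        // builds its suite lists.
        Security.setProperty("jdk.tls.disabledAlgorithms", "");

        SSLContext ctx = SSLContext.getDefault();

        // Everything the provider implements: input for visibility checks.
        Set<String> supported = new TreeSet<>(Arrays.asList(
                ctx.getSupportedSSLParameters().getCipherSuites()));

        // Enabled by default: candidates for the handshake checks.
        Set<String> handshake = new TreeSet<>(Arrays.asList(
                ctx.getDefaultSSLParameters().getCipherSuites()));
        handshake.remove(SCSV);

        // Supported but not enabled by default (for example anonymous
        // suites): checked for visibility only, never handshaken.
        Set<String> visibilityOnly = new TreeSet<>(supported);
        visibilityOnly.removeAll(handshake);
        visibilityOnly.remove(SCSV);

        System.out.println("supported:  " + supported.size());
        System.out.println("handshake:  " + handshake.size());
        visibilityOnly.forEach(
                s -> System.out.println("visibility only: " + s));
    }
}
```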
