> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE
> respectively.
>
> CSR is underway.
>
> Tests include new unit tests for TLSv1-1.3. Will run tier1-2, plus the JCK
> API (jck:api/java_security jck:api/javax_crypto jck:api/javax_net
> jck:api/javax_security jck:ap
> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE
> respectively.
>
> CSR is underway.
>
> Tests include new unit tests for TLSv1-1.3. Will run tier1-2, plus the JCK
> API (jck:api/java_security jck:api/javax_crypto jck:api/javax_net
> jck:api/javax_security jck:ap
On Wed, 7 May 2025 16:21:23 GMT, Weijun Wang wrote:
>> Bradford Wetmore has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Updated to use the upcoming KDF (still in preview) + bits of JDK-8353578
>> for compilation)
>
> src/java.base/share
On Thu, 8 May 2025 06:03:03 GMT, Bradford Wetmore wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 1694:
>>
>>> 1692:
>>> 1693: // ...now the final expand.
>>> 1694: SecretKey key = hkdf.deriveKey(label,
>>
>> PKCS #11 is p
On Fri, 16 May 2025 17:17:04 GMT, Bradford Wetmore wrote:
>> How about adding a `String alg` parameter to `exportKeyingMaterialKey` like
>> in the `KDF.deriveKey` API?
>
> As discussed with @seanjmullan / @wangweij , that is the direction I'll try.
> It's not perfect, but a definite step in th
On Thu, 15 May 2025 04:22:42 GMT, Bradford Wetmore wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 1650:
>>
>>> 1648: emptyHash = md.digest();
>>> 1649: } catch (NoSuchAlgorithmException nsae) {
>>> 1650: thr
On Tue, 13 May 2025 13:07:18 GMT, Weijun Wang wrote:
>> It seems like it should be an exception, whatever you decide to do. The
>> caller is asking for the keying material data, and the provider cannot
>> fulfill that request, so I think explaining why it could not be done would
>> be best rep
On Thu, 15 May 2025 11:47:08 GMT, Daniel Fuchs wrote:
> Thanks for this fix. The proposed changes LGTM. Did you run tier2 tests?
Yes, I've run tier1 and tier2 tests. There were a few unrelated failures, but
the [test
](https://github.com/openjdk/jdk/blob/master/test/jdk/java/net/HttpURLConnect
On Fri, 16 May 2025 16:50:22 GMT, Sean Mullan wrote:
>> Personally, I would like to give user the chance to specify the algorithm
>> themselves. A "TlsExporterKeyingMaterial" key will not be accepted by an AES
>> cipher. If you are not ready for this, I'd rather only provide the
>> `exportKeyi
On Thu, 15 May 2025 19:41:16 GMT, Weijun Wang wrote:
>> From a previous comment:
>>
>> IIUC, the exported keying material can be used for any purpose or algorithm,
>> so we really can't make an good educated guess what it might be. They could
>> be Keys (Ciphers), byte array/value challenges,
On Fri, 9 May 2025 14:39:53 GMT, Daniel Fuchs wrote:
>> Hi,
>>
>> Please find here a PR for the implementation of [JEP 517: HTTP/3 for the
>> HTTP Client API](https://openjdk.org/jeps/517).
>>
>> The CSR can be viewed at [JDK-8350588: Implement JEP 517: HTTP/3 for the
>> HTTP Client API](http
> Hi,
>
> Enhanced exception messages are designed to hide sensitive information such
> as hostnames, IP
> addresses from exception message strings, unless the enhanced mode for the
> specific category
> has been explicitly enabled. Enhanced exceptions were first introduced in
> 8204233 in JD
On Fri, 9 May 2025 14:39:53 GMT, Daniel Fuchs wrote:
>> Hi,
>>
>> Please find here a PR for the implementation of [JEP 517: HTTP/3 for the
>> HTTP Client API](https://openjdk.org/jeps/517).
>>
>> The CSR can be viewed at [JDK-8350588: Implement JEP 517: HTTP/3 for the
>> HTTP Client API](http
On Thu, 15 May 2025 13:47:23 GMT, serhiysachkov wrote:
>> change
>> test/jdk/com/sun/net/httpserver/simpleserver/RootDirPermissionsTest.java to
>> a manual test
>
> serhiysachkov has updated the pull request with a new target base due to a
> merge or a rebase. The incremental webrev excludes t
On Wed, 7 May 2025 14:02:52 GMT, kieran-farrell wrote:
> Spec currently suggests that only IPv6 addresses can return null for
> InterfaceAddress.getBroadcast(). Clarifying spec to state that certain IPv4
> address such as the loopback address do not support broadcasting and can
> therefore als
15 matches
Mail list logo
