RFR [13] JDK-8168261: Use server cipher suites preference by default

Hi, Could I get the update reviewed? http://cr.openjdk.java.net/~xuelei/8168261/webrev.00/ With this update, server cipher suite preference will be used by default for TLS handshaking in the SunJSSE provider. For more details, please refer to CSR: https://bugs.openjdk.java.net/browse/J

Re: RFR 6722928: Support SSPI as a native GSS-API provider

Hi Michael, Many thanks to your review. Sorry I'm new to the C side of GSS-API and SSPI and I write very little C code these days. > On Mar 22, 2019, at 5:17 AM, Michael Osipov <1983-01...@gmx.net> wrote: > > Hi Max, > > here is my review based on webrev.04. Some of the statements might not be

RFR 6722928: Support SSPI as a native GSS-API provider

Hi Max, here is my review based on webrev.04. Some of the statements might not be correct due to my little C/C++ knowledge, just correct me if I am wrong. I am really looking to test this, especially as a SASL provider for my extended LDAP communication with Active Directory. gssapi.h: * Th

Re: RFR [13] JDK-8221273, sun/security/pkcs11/tls/tls12/TestTLS12.java on ProblemList.txt

Looks good. --Sean On 3/21/19 3:27 PM, Xuelei Fan wrote: Hi, Please review this update to problem list sun/security/pkcs11/tls/tls12/TestTLS12.java, which is failing on windows.  The issue will be addressed in JDK-8221271. Thanks, Xuelei $ hg diff test/jdk/ProblemList.txt diff -r f10ca228

RFR [13] JDK-8221273, sun/security/pkcs11/tls/tls12/TestTLS12.java on ProblemList.txt

Hi, Please review this update to problem list sun/security/pkcs11/tls/tls12/TestTLS12.java, which is failing on windows. The issue will be addressed in JDK-8221271. Thanks, Xuelei $ hg diff test/jdk/ProblemList.txt diff -r f10ca228b22f test/jdk/ProblemList.txt --- a/test/jdk/ProblemList.txt

Re: RFR [13] JDK-8221270: Duplicated synchronized keywords in SSLSocketImpl

Looks good. --Sean On 3/21/19 2:49 PM, Xuelei Fan wrote: Hi, Could I have the following update reviewed?    http://cr.openjdk.java.net/~xuelei/8221270/webrev.00/ The implementation of SSLSocketImpl.getHandshakeSession() uses two synchronized over the same object.  One should be sufficient.

RFR [13] JDK-8221270: Duplicated synchronized keywords in SSLSocketImpl

Hi, Could I have the following update reviewed? http://cr.openjdk.java.net/~xuelei/8221270/webrev.00/ The implementation of SSLSocketImpl.getHandshakeSession() uses two synchronized over the same object. One should be sufficient. Code cleanup, no new regression test. Thanks, Xuelei

Re: Use of OpenSSL as JCE security provider if available on system

Hi, On Thu, Mar 21, 2019 at 3:43 PM Sean Mullan wrote: > But, if we want to explore this further, I think it first makes sense to > take a step back and focus more on what benefits an OpenSSL provider or > "native bridge" would provide. Benchmarked 3x-10x performance improvements. https://nbsoft

Re: Use of OpenSSL as JCE security provider if available on system

On 3/15/19 5:46 AM, Steve Groeger wrote: Hi all, Not sure whether something on this subject has been raised before but I was unable to see anything in the mailing lists. I don't think it has been discussed in any detail on this alias. However, there are some other libraries and toolkits that

[8u] Is it possible to bring root certificates to OpenJDK 8 [JEP319] ?

Hi, I recently came across a scenario where I wanted to use a self-built OpenJDK 8 in a maven build and it could not download artefacts due to missing root certificates. I helped myself by replacing the cacerts with some other version from a later OpenJDK and came over the issue. However, I’ve