Re: RFR: 8267319: Use larger default key sizes and algorithms based on CNSA [v2]

2022-03-08 Thread Valerie Peng
> It's been several years since we increased the default key sizes. Before > shifting to PQC, NSA replaced its Suite B cryptography recommendations with > the Commercial National Security Algorithm Suite which suggests: > > - SHA-384 for secure hashing > - AES-256 for symmetric encryption > - RS

Re: RFR: 8282529: Fix API Note in javadoc for javax.net.ssl.SSLSocket [v4]

2022-03-08 Thread Bradford Wetmore
On Tue, 8 Mar 2022 15:03:57 GMT, zzambers wrote: >> Fixed API Note in javadoc for javax.net.ssl.SSLSocket class. API Note was >> introduced by JDK-8208526 [1]. At that point both Socket.shutdownInput() / >> Socket.shutdownOutput() and InputStream.close() / OutputStream.close() >> performed hal

Re: RFR: 8282529: Fix API Note in javadoc for javax.net.ssl.SSLSocket [v2]

2022-03-08 Thread Bradford Wetmore
On Tue, 8 Mar 2022 15:23:13 GMT, zzambers wrote: >>> Sure if more changes are desired I can pull your changes. When it comes to >>> CSR I am not fully familiar with the >> process. Is action expected from my side? >> >> One of us needs to get the CSR approved. Why don't you pull the changes

Integrated: 8282832: Update file path for HostnameMatcher/cert5.crt in test sun/security/util/Pem/encoding.sh

2022-03-08 Thread Rajan Halade
On Tue, 8 Mar 2022 20:25:12 GMT, Rajan Halade wrote: > …ecurity/util/Pem/encoding.sh This pull request has now been integrated. Changeset: ea19114e Author: Rajan Halade URL: https://git.openjdk.java.net/jdk/commit/ea19114e66326e4be7b4b9995888ad2ead3d37dc Stats: 2 lines in 1 file

Re: Integrated: 8282832: Update file path for HostnameMatcher/cert5.crt in test sun/security/util/Pem/encoding.sh

2022-03-08 Thread Sean Mullan
On Tue, 8 Mar 2022 20:25:12 GMT, Rajan Halade wrote: > …ecurity/util/Pem/encoding.sh Marked as reviewed by mullan (Reviewer). - PR: https://git.openjdk.java.net/jdk/pull/7749

Integrated: 8282832: Update file path for HostnameMatcher/cert5.crt in test sun/security/util/Pem/encoding.sh

2022-03-08 Thread Rajan Halade
…ecurity/util/Pem/encoding.sh - Commit messages: - Update copyright year - 8282832: Update file path for HostnameMatcher/cert5.crt in test sun/security/util/Pem/encoding.sh Changes: https://git.openjdk.java.net/jdk/pull/7749/files Webrev: https://webrevs.openjdk.java.net/?repo=jd

Re: RFR: 7192189: Support endpoint identification algorithm in RFC 6125 [v2]

2022-03-08 Thread Daniel D. Daugherty
On Tue, 8 Mar 2022 13:00:50 GMT, Sean Mullan wrote: >> Please review this change to fully support RFC 6125 in the TLS >> implementation. This change forbids wildcard domains in TLS certificates >> unless the wildcard is in the left-most component. Certificates of this >> nature should be rare

Integrated: 7192189: Support endpoint identification algorithm in RFC 6125

2022-03-08 Thread Sean Mullan
On Fri, 4 Mar 2022 14:59:54 GMT, Sean Mullan wrote: > Please review this change to fully support RFC 6125 in the TLS > implementation. This change forbids wildcard domains in TLS certificates > unless the wildcard is in the left-most component. Certificates of this > nature should be rare and

Re: RFR: 7192189: Support endpoint identification algorithm in RFC 6125 [v2]

2022-03-08 Thread Rajan Halade
On Tue, 8 Mar 2022 12:56:50 GMT, Sean Mullan wrote: >> test/jdk/sun/security/util/HostnameChecker/Wildcard.java line 72: >> >>> 70: } catch (Exception e) { >>> 71: if (expected) { >>> 72: throw new Exception("unexpectedly failed match", e); >> >> consider to

Re: RFR: 7192189: Support endpoint identification algorithm in RFC 6125 [v2]

2022-03-08 Thread Rajan Halade
On Tue, 8 Mar 2022 13:00:50 GMT, Sean Mullan wrote: >> Please review this change to fully support RFC 6125 in the TLS >> implementation. This change forbids wildcard domains in TLS certificates >> unless the wildcard is in the left-most component. Certificates of this >> nature should be rare

Re: RFR: 8280494: (D)TLS signature schemes [v19]

2022-03-08 Thread Sean Mullan
On Sun, 6 Mar 2022 05:40:59 GMT, Xue-Lei Andrew Fan wrote: >> This update is to support signature schemes customization for individual >> (D)TLS connection. Please review the CSR as well: >> CSR: https://bugs.openjdk.java.net/browse/JDK-8280495 >> RFE: https://bugs.openjdk.java.net/browse/JDK-8

Re: [Internet]Need a reviewer for CSR: JDK-8282768

2022-03-08 Thread xueleifan(XueleiFan)
The CSR looks good to me, and I added my name as reviewer. Xuelei > On Mar 7, 2022, at 1:38 PM, Bradford Wetmore > wrote: > > > Hi, > > We (zzambers/I) need a reviewer for this CSR involving the close @apiNote of > SSLSocket.java: > >https://bugs.openjdk.java.net/browse/JDK-8282768 >

Re: RFR: 8282529: Fix API Note in javadoc for javax.net.ssl.SSLSocket [v2]

2022-03-08 Thread zzambers
On Mon, 7 Mar 2022 21:01:12 GMT, Bradford Wetmore wrote: >> @bradfordwetmore Sure if more changes are desired I can pull your changes. >> When it comes to CSR I am not fully familiar with the process. Is action >> expected from my side? > >> Sure if more changes are desired I can pull your chan

Re: RFR: 8282529: Fix API Note in javadoc for javax.net.ssl.SSLSocket [v3]

2022-03-08 Thread zzambers
On Tue, 8 Mar 2022 14:21:19 GMT, zzambers wrote: >> Fixed API Note in javadoc for javax.net.ssl.SSLSocket class. API Note was >> introduced by JDK-8208526 [1]. At that point both Socket.shutdownInput() / >> Socket.shutdownOutput() and InputStream.close() / OutputStream.close() >> performed hal

Re: RFR: 8282529: Fix API Note in javadoc for javax.net.ssl.SSLSocket [v4]

2022-03-08 Thread zzambers
> Fixed API Note in javadoc for javax.net.ssl.SSLSocket class. API Note was > introduced by JDK-8208526 [1]. At that point both Socket.shutdownInput() / > Socket.shutdownOutput() and InputStream.close() / OutputStream.close() > performed half-close of TLS-1.3 connection. However this behaviour h

Re: RFR: 8282723: Add constructors taking a cause to JSSE exceptions [v2]

2022-03-08 Thread Roger Riggs
On Tue, 8 Mar 2022 05:51:21 GMT, Xue-Lei Andrew Fan wrote: >> src/java.base/share/classes/sun/security/ssl/ECDHKeyExchange.java line 204: >> >>> 202: } catch (GeneralSecurityException | java.io.IOException e) >>> { >>> 203: throw new SSLHandshakeException( >>> 204:

Re: RFR: 8282662: Use List/Set.of() factory methods to reduce memory consumption

2022-03-08 Thread liach
On Mon, 7 Mar 2022 15:11:50 GMT, Сергей Цыпанов wrote: > `List.of()` along with `Set.of()` create unmodifiable `List/Set` but with > a smaller footprint compared to `Arrays.asList()` / `new HashSet()` when > called with vararg of size 0, 1, 2. > > In general replacement of `Arrays.asList()` wit

Re: RFR: 8282529: Fix API Note in javadoc for javax.net.ssl.SSLSocket [v2]

2022-03-08 Thread zzambers
On Mon, 7 Mar 2022 21:01:12 GMT, Bradford Wetmore wrote: >> @bradfordwetmore Sure if more changes are desired I can pull your changes. >> When it comes to CSR I am not fully familiar with the process. Is action >> expected from my side? > >> Sure if more changes are desired I can pull your chan

Re: RFR: 8282529: Fix API Note in javadoc for javax.net.ssl.SSLSocket [v3]

2022-03-08 Thread zzambers
> Fixed API Note in javadoc for javax.net.ssl.SSLSocket class. API Note was > introduced by JDK-8208526 [1]. At that point both Socket.shutdownInput() / > Socket.shutdownOutput() and InputStream.close() / OutputStream.close() > performed half-close of TLS-1.3 connection. However this behaviour h

Re: RFR: 7192189: Support endpoint identification algorithm in RFC 6125 [v2]

2022-03-08 Thread Sean Mullan
On Mon, 7 Mar 2022 21:26:56 GMT, Rajan Halade wrote: >> Sean Mullan has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Merge Wildcard test into TestHostnameCheck. >> Rename HostnameMatcher dir to HostnameChecker. > > test/jdk/sun/security

Re: RFR: 7192189: Support endpoint identification algorithm in RFC 6125 [v2]

2022-03-08 Thread Sean Mullan
On Mon, 7 Mar 2022 21:33:47 GMT, Sean Mullan wrote: >> test/jdk/sun/security/util/HostnameMatcher/TestHostnameChecker.java line 196: >> >>> 194: check(checker, "5.6.7.8", cert3, true); >>> 195: check(checker, "foo.bar.com", cert4, true); >>> 196: check(checker, "altfoo.ba

Re: RFR: 7192189: Support endpoint identification algorithm in RFC 6125 [v2]

2022-03-08 Thread Sean Mullan
> Please review this change to fully support RFC 6125 in the TLS > implementation. This change forbids wildcard domains in TLS certificates > unless the wildcard is in the left-most component. Certificates of this > nature should be rare and are not allowed per the CABForum baseline > requireme

Re: RFR: 8282662: Use List/Set.of() factory methods to reduce memory consumption

2022-03-08 Thread Сергей Цыпанов
On Mon, 7 Mar 2022 16:06:44 GMT, Claes Redestad wrote: > Notice list.of will have the downside of copying the input array when the > size is not small while arrays aslist does not. Is the tradeoff worth it? Good point, I see risky changes in this PR: - `ProxyGenerator` - `Proxy` - `MethodType`

Re: RFR: 8282723: Add constructors taking a cause to JSSE exceptions [v5]

2022-03-08 Thread Xue-Lei Andrew Fan
> Please review this small API enhancement to add the usual constructors taking > a cause to javax.net.ssl exceptions. The use of initCause in the JSSE > implementation code is updated to use the new constructors accordingly. > > Please review the CSR: https://bugs.openjdk.java.net/browse/JDK-8