> During TLS handshake, hundreds of constraints are evaluated to determine
> which cipher suites are usable. Most of the evaluations are performed using
> `HandshakeContext#algorithmConstraints` object. By default that object
> contains a `SSLAlgorithmConstraints` instance wrapping another
> `S
On Wed, 13 Apr 2022 16:02:50 GMT, Xue-Lei Andrew Fan wrote:
>> Thanks @XueleiFan for the review!
>> If we do that, this will result in a behavior change for cases where
>> `enabledX509DisabledAlgConstraints` = false; is that okay? Or should we set
>> `enabledX509DisabledAlgConstraints` = true i
On Wed, 13 Apr 2022 20:32:02 GMT, Daniel Jeliński wrote:
>> During TLS handshake, hundreds of constraints are evaluated to determine
>> which cipher suites are usable. Most of the evaluations are performed using
>> `HandshakeContext#algorithmConstraints` object. By default that object
>> conta
On Thu, 14 Apr 2022 04:24:07 GMT, Xue-Lei Andrew Fan wrote:
>> Daniel Jeliński has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Avoid nesting SSLAlgorithmConstraints
>
> src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints
On Thu, 14 Apr 2022 04:24:07 GMT, Xue-Lei Andrew Fan wrote:
>> Daniel Jeliński has updated the pull request incrementally with one
>> additional commit since the last revision:
>>
>> Avoid nesting SSLAlgorithmConstraints
>
> src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints
On Thu, 14 Apr 2022 14:58:24 GMT, Xue-Lei Andrew Fan wrote:
>> src/java.base/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java
>> line 73:
>>
>>> 71:
>>> 72: static AlgorithmConstraints wrap(AlgorithmConstraints
>>> userSpecifiedConstraints) {
>>> 73: if (userSpecifiedCo
On Thu, 14 Apr 2022 15:43:42 GMT, Daniel Jeliński wrote:
>>> @XueleiFan did you mean `||` (not `&&`) ?
>>
>> Thank you @dfuch. Yes, it should be "||".
>
> as of today, this method is never called with a `null` argument
> (`SSLConfiguration#userSpecifiedAlgorithmConstraints` is initialized to
On Thu, 14 Apr 2022 15:53:53 GMT, Xue-Lei Andrew Fan wrote:
>> as of today, this method is never called with a `null` argument
>> (`SSLConfiguration#userSpecifiedAlgorithmConstraints` is initialized to
>> `DEFAULT` and cannot be reset to `null`), but I can add a null check for
>> future-proofi
