Re: RFR: 8261433: Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit

On Tue, 26 Mar 2024 22:57:59 GMT, Valerie Peng wrote: > > Now that we are going with the normative version first, maybe we should > > make additional changes to clean up the flow further?Say, > > > > 1. update `jGCMParamsToCKGCMParamPtr(JNIEnv *env, jobject jParam, CK_ULONG > > *pLength)` to

RFR: 8329213: Better validation for com.sun.security.ocsp.useget option

[JDK-8328638](https://bugs.openjdk.org/browse/JDK-8328638) introduced a new boolean option, `com.sun.security.ocsp.useget`. We use the usual `Boolean.parseBoolean` to convert it from String to boolean value, which works correctly for `false` and `true` as boolean values. However, any string

Re: RFR: 8322767: TLS full handshake is slow with PKCS12KeyStore and X509KeyManagerImpl [v3]

On Wed, 27 Mar 2024 08:15:08 GMT, Hai-May Chao wrote: > I ran the benchmark to measure the time needed to build a TLS context using > PKIX KeyManager (with protocols "TLSv1.2" and "TLS”) before and after the > changes to X509KeyManagerImpl.java. Here are the results: > > Without changes:

Re: RFR: 8328638: Fallback option for POST-only OCSP requests [v5]

On Mon, 25 Mar 2024 19:24:39 GMT, Aleksey Shipilev wrote: >> See the rationale/discussion in the bug. This patch introduces the option >> that allows to restore >> pre-[JDK-8179503](https://bugs.openjdk.org/browse/JDK-8179503) behavior. The >> default behavior does not change. Better

Integrated: 8328638: Fallback option for POST-only OCSP requests

On Wed, 20 Mar 2024 19:48:52 GMT, Aleksey Shipilev wrote: > See the rationale/discussion in the bug. This patch introduces the option > that allows to restore > pre-[JDK-8179503](https://bugs.openjdk.org/browse/JDK-8179503) behavior. The > default behavior does not change. Better suggestions

Re: RFR: 8328638: Fallback option for POST-only OCSP requests [v5]

On Wed, 27 Mar 2024 09:30:34 GMT, Aleksey Shipilev wrote: > CSR is done. I assume we are good here, and we can integrate? Yes. - PR Comment: https://git.openjdk.org/jdk/pull/18408#issuecomment-2022687436

Re: RFR: 8328638: Fallback option for POST-only OCSP requests [v5]

On Mon, 25 Mar 2024 19:24:39 GMT, Aleksey Shipilev wrote: >> See the rationale/discussion in the bug. This patch introduces the option >> that allows to restore >> pre-[JDK-8179503](https://bugs.openjdk.org/browse/JDK-8179503) behavior. The >> default behavior does not change. Better

Re: RFR: 8322767: TLS full handshake is slow with PKCS12KeyStore and X509KeyManagerImpl [v3]

On Tue, 26 Mar 2024 06:00:33 GMT, Hai-May Chao wrote: >> For the PKIX KeyManager and PKCS12 Keystore, when the TLS server sends the >> ServerHello message and ultimately calls the >> X509KeyManagerImpl.chooseEngineServerAlias() method, it retrieves the >> private key from the keystore,

Re: RFR: 8322767: TLS full handshake is slow with PKCS12KeyStore and X509KeyManagerImpl [v3]

On Tue, 26 Mar 2024 06:00:33 GMT, Hai-May Chao wrote: >> For the PKIX KeyManager and PKCS12 Keystore, when the TLS server sends the >> ServerHello message and ultimately calls the >> X509KeyManagerImpl.chooseEngineServerAlias() method, it retrieves the >> private key from the keystore,