Looks ok to me, with the exception as you pointed out that this doesn't follow section 4 of RFC 6460. Why was this done, and how did you originally determine the original ciphersuite ordering for GCMs?

Brad


On 12/29/2013 7:56 PM, Xuelei Fan wrote:
Hi,

Please review this small update.

webrev: http://cr.openjdk.java.net/~xuelei/8028518/webrev.00/

In TLS protocols, cipher suite specifies the crypto algorithms used in
TLS connections.  The priorities of cipher suites define the preference
order that a cipher suite may be used in a TLS connection.

When introducing the AEAD/GCM cipher suites in SunJSSE provider (JEP
115)[1], for better compatibility and interoperability, we decided to
decrease the priority of cipher suites in GCM mode for a while before
GCM technologies mature in the industry.

It's time to consider to increase the priorities of GCM mode cipher
suite in early stage of JDK 9.

Thanks,
Xuelei

[1] http://openjdk.java.net/jeps/115

Reply via email to