On 1/4/2014 6:41 AM, Bradford Wetmore wrote:
Looks ok to me, with the exception as you pointed out that this doesn't
follow section 4 of RFC 6460.
Sorry, I did not get it. Would you mind point out the line number of
the concern?
Why was this done, and how did you
originally determine the original ciphersuite ordering for GCMs?
Per RFC 6460, there are two profiles, "Suite B Combination 1" and "Suite
B Combination 2". SunJSSE default cipher suite preference does not
compliant to the profiles at present. That's why it is said,
"The preference order of the GCM cipher suites does not follow the spec
of RFC 6460."
About the ordering, please refer to line 964-977 of CipherSuite.java
Thanks,
Xuelei
Brad
On 12/29/2013 7:56 PM, Xuelei Fan wrote:
Hi,
Please review this small update.
webrev: http://cr.openjdk.java.net/~xuelei/8028518/webrev.00/
In TLS protocols, cipher suite specifies the crypto algorithms used in
TLS connections. The priorities of cipher suites define the preference
order that a cipher suite may be used in a TLS connection.
When introducing the AEAD/GCM cipher suites in SunJSSE provider (JEP
115)[1], for better compatibility and interoperability, we decided to
decrease the priority of cipher suites in GCM mode for a while before
GCM technologies mature in the industry.
It's time to consider to increase the priorities of GCM mode cipher
suite in early stage of JDK 9.
Thanks,
Xuelei
[1] http://openjdk.java.net/jeps/115
