> I would prefer we do it now. If I did not miss something, the new design > should be more simple > and straightforward.
Maybe, but I am not sure since this would surely touch more TLS side codes. If you want to be totally separated, we also need to move the ciphersuites definitions outside CipherSuite.java. The TLS side can iterate through all providers to add them back and create something like a Map<keyExchangeAlg, KeyExchangeService>. Then we could use this map in all "switch (keyExchange)" blocks. Do you think it's easier to make these changes based on the current codes? Or based on my modified codes? Can you describe the KeyExchangeService interface you are thinking about? Currently I have to define a two-level interface -- ExternalCipherSuiteProvider and ExternalCipherSuiteProvider.Exchanger -- to model the service and the exchange instance. Thanks Max
