Hi Paul,

thanks for the review. The CSR that Martin mentions is the one that Oracle has filed for 11.0.12-oracle, so we can simply reuse it.
As for 13, there exists a CSR as well: JDK-8256335

Best regards
Christoph

> -----Original Message-----
> From: Hohensee, Paul <hohen...@amazon.com>
> Sent: Wednesday, 7 April 2021 23:42
> To: Doerr, Martin <martin.do...@sap.com>; jdk-updates-dev <jdk-updates-d...@openjdk.java.net>; security-dev <security-dev@openjdk.java.net>
> Cc: Lindenmaier, Goetz <goetz.lindenma...@sap.com>; Langer, Christoph <christoph.lan...@sap.com>
> Subject: Re: [11u] RFR: 8226374: Restrict TLS signature schemes and named groups
>
> The backport looks fine, except there's a missing blank line after FFDHE_2048
> in NamedGroup.java. :) Thanks for filing a CSR (there doesn't seem to be one
> for the 13u backport: perhaps Yan will add one after the fact). I'm not a
> security person, so it would be great if someone who is reviews the CSR to
> see if there are any 11u-specific issues with it.
>
> Thanks,
> Paul
>
> -----Original Message-----
> From: jdk-updates-dev <jdk-updates-dev-r...@openjdk.java.net> on behalf of "Doerr, Martin" <martin.do...@sap.com>
> Date: Wednesday, April 7, 2021 at 9:10 AM
> To: jdk-updates-dev <jdk-updates-...@openjdk.java.net>, security-dev <security-dev@openjdk.java.net>
> Cc: "Lindenmaier, Goetz" <goetz.lindenma...@sap.com>, "Langer, Christoph" <christoph.lan...@sap.com>
> Subject: [11u] RFR: 8226374: Restrict TLS signature schemes and named groups
>
> Hi,
>
> JDK-8226374 is backported to 11.0.12-oracle. I'd like to backport it for
> parity.
> It doesn't apply cleanly. I've taken the 13u backport as source because it
> resolves the wrong backport order with JDK-8242141.
>
> Bug:
> https://bugs.openjdk.java.net/browse/JDK-8226374
>
> 11u CSR:
> https://bugs.openjdk.java.net/browse/JDK-8264555
>
> Original change (JDK14):
> https://hg.openjdk.java.net/jdk/jdk/rev/a93b7b28f644
>
> 13u backport:
> https://github.com/openjdk/jdk13u-dev/commit/384445d2
>
> 11u rejected hunks (integrated manually):
> http://cr.openjdk.java.net/~mdoerr/8226374_TLS_11u/8226374_TLS_rej.txt
>
> my new 11u backport:
> http://cr.openjdk.java.net/~mdoerr/8226374_TLS_11u/webrev.00/
>
> Please review.
>
> Best regards,
> Martin