Ouch, missed that. Good to go. Thanks, Paul
-----Original Message----- From: "Doerr, Martin" <[email protected]> Date: Thursday, April 8, 2021 at 2:53 AM To: "Hohensee, Paul" <[email protected]>, "Langer, Christoph" <[email protected]>, jdk-updates-dev <[email protected]>, security-dev <[email protected]> Cc: "Lindenmaier, Goetz" <[email protected]> Subject: RE: [11u] RFR: 8226374: Restrict TLS signature schemes and named groups Hi Paul and Christoph, thank you for the review and the approval. I've added the blank line. In addition, I've reviewed the whole change again and found a copy & paste bug in my webrev.00: SECT283_K1(0x0009, "sect283k1", true, NamedGroupSpec.NAMED_GROUP_ECDHE, ProtocolVersion.PROTOCOLS_TO_12, - CurveDB.lookup("sect163k1")), + CurveDB.lookup("sect283k1")), This is the version I'm planning to push: http://cr.openjdk.java.net/~mdoerr/8226374_TLS_11u/webrev.01/ Tests have passed. Best regards, Martin > -----Original Message----- > From: Hohensee, Paul <[email protected]> > Sent: Donnerstag, 8. April 2021 01:01 > To: Langer, Christoph <[email protected]>; Doerr, Martin > <[email protected]>; jdk-updates-dev <jdk-updates- > [email protected]>; security-dev <[email protected]> > Cc: Lindenmaier, Goetz <[email protected]> > Subject: RE: [11u] RFR: 8226374: Restrict TLS signature schemes and named > groups > > Hmm, could have sworn... > > Thanks, > Paul > > -----Original Message----- > From: "Langer, Christoph" <[email protected]> > Date: Wednesday, April 7, 2021 at 3:16 PM > To: "Hohensee, Paul" <[email protected]>, "Doerr, Martin" > <[email protected]>, jdk-updates-dev <jdk-updates- > [email protected]>, security-dev <[email protected]> > Cc: "Lindenmaier, Goetz" <[email protected]> > Subject: RE: [11u] RFR: 8226374: Restrict TLS signature schemes and named > groups > > Hi Paul, > > thanks for the review. The CSR that Martin mentions is the one that Oracle > has filed for 11.0.12-oracle. so we can simply reuse it. > > As for 13, there exists a CSR as well: JDK-8256335 > > Best regards > Christoph > > > -----Original Message----- > > From: Hohensee, Paul <[email protected]> > > Sent: Mittwoch, 7. April 2021 23:42 > > To: Doerr, Martin <[email protected]>; jdk-updates-dev <jdk- > updates- > > [email protected]>; security-dev <[email protected]> > > Cc: Lindenmaier, Goetz <[email protected]>; Langer, Christoph > > <[email protected]> > > Subject: Re: [11u] RFR: 8226374: Restrict TLS signature schemes and named > > groups > > > > The backport looks fine, except there's a missing blank line after > FFDHE_2048 > > in NamedGroup.java. :) Thanks for filing a CSR (there doesn't seem to be > one > > for the 13u backport: perhaps Yan will add one after the fact). I'm not a > > security person, so it would be great if someone who is reviews the CSR to > > see if there are any 11u-specific issues with it. > > > > Thanks, > > Paul > > > > -----Original Message----- > > From: jdk-updates-dev <[email protected]> on > > behalf of "Doerr, Martin" <[email protected]> > > Date: Wednesday, April 7, 2021 at 9:10 AM > > To: jdk-updates-dev <[email protected]>, security-dev > > <[email protected]> > > Cc: "Lindenmaier, Goetz" <[email protected]>, "Langer, > > Christoph" <[email protected]> > > Subject: [11u] RFR: 8226374: Restrict TLS signature schemes and named > > groups > > > > Hi, > > > > JDK-8226374 is backported to 11.0.12-oracle. I'd like to backport it for > > parity. > > It doesn't apply cleanly. I've taken the 13u backport as source because it > > resolves the wrong backport order with JDK-8242141. > > > > Bug: > > https://bugs.openjdk.java.net/browse/JDK-8226374 > > > > 11u CSR: > > https://bugs.openjdk.java.net/browse/JDK-8264555 > > > > Original change (JDK14): > > https://hg.openjdk.java.net/jdk/jdk/rev/a93b7b28f644 > > > > 13u backport: > > https://github.com/openjdk/jdk13u-dev/commit/384445d2 > > > > 11u rejected hunks (integrated manually): > > > http://cr.openjdk.java.net/~mdoerr/8226374_TLS_11u/8226374_TLS_rej.txt > > > > my new 11u backport: > > http://cr.openjdk.java.net/~mdoerr/8226374_TLS_11u/webrev.00/ > > > > Please review. > > > > Best regards, > > Martin > > >
