On Thu, 21 Sep 2023 13:30:07 GMT, Sean Mullan <mul...@openjdk.org> wrote:

>> test/jdk/sun/security/ssl/DHKeyExchange/DHEKeySizing.java line 35:
>> 
>>> 33:  * @library /javax/net/ssl/templates
>>> 34:  * @run main/othervm -Djdk.tls.client.enableSessionTicketExtension=false
>>> 35:  *      DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA 1645 267 TLSv1
>> 
>> Just curious why the server key exchange length went up in size by a couple 
>> bytes.  Was 1643 incorrect before this change?
>
> Good question. Part of this is a cut-and-paste error. The only change to 1645 
> bytes should be for line 64. The previous version of this test used TLS 1.0 
> for all the tests. When testing this on different protocols, I noticed the 
> server hello for this cipher suite takes 2 extra bytes on TLSv1.2, and this 
> was enough to cause the test to fail even with the 6 extra bytes for 
> KEY_LEN_BIAS. I don't know the exact reason why it takes a few extra bytes 
> though.
> 
> I fixed this in the latest commit - only line 64 should be different now for 
> the server hello length.

An extra two bytes for a server hello could be due to the assertion of a SH 
extension that was not asserted in earlier versions of the protocol or 
something along those lines.  Since that 1645 bytes relates to "Server Hello 
Series" (I assume that means the entire SH flight of messages) there could be a 
two-byte variance in a number of places.  The fix looks good to me.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/15846#discussion_r1333365888
