On Mon, 23 Feb 2026 15:36:28 GMT, Sean Coffey <[email protected]> wrote:
>> Introduce lazy static initialization logic to SSLContextImpl via use of the >> new LazyConstant API and improve logging output >> >> As per JBS comments: >> >> * Each subclass of AbstractTLSContext (TLSv10. TLSv11 etc) is being >> initialization at framework initialization time due to the >> getApplicableSupportedCipherSuites(..) calls made in static block. Such >> calls are unnecessary if the subclass isn't required. This is especially >> true for the default JDK configuration where TLSv10, TLSv11 protocols are >> disabled. I've moved logic to lazy initialization of these fields via >> LazyConstant >> >> * The debug prints output never made clear what protocol version each cipher >> suite was being disabled for. Improved logging there >> * The debug prints never printed out the resulting set of enabled/allowed >> cipher suites >> >> There's efficiency gain also in having one less call to the >> getApplicableEnabledCipherSuites method in the scenario where customized >> cipher suites are not in use. >> >> example of new debug output: >> >> >> javax.net.ssl|TRACE|30|main|2025-11-26 14:31:31.997 >> GMT|SSLContextImpl.java:425|Ignore disabled cipher suites for >> protocols:[TLSv1.3, TLSv1.2] >> [TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 >> TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 >> TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA >> TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384 >> TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA >> TLS_RSA_WITH_AES_128_CBC_SHA] >> javax.net.ssl|TRACE|30|main|2025-11-26 14:31:31.997 >> GMT|SSLContextImpl.java:425|Available cipher suites for protocols:[TLSv1.3, >> TLSv1.2] >> [TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 >> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 >> TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 >> TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 >> TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SH... > > Sean Coffey has updated the pull request with a new target base due to a > merge or a rebase. The pull request now contains 11 commits: > > - Clean up sync of DebugPropertyValuesTest.java > - Remove verbose option for now, difficult to exercise code path > - Merge branch 'master' into 8371333-ssl-debug > - Merge branch 'master' into 8371333-ssl-debug > - Incorportate comments from Jamil > - Merge branch 'master' into 8371333-ssl-debug > - Merge branch 'master' into 8371333-ssl-debug > - Move wrapText method to Utilities > - Merge branch 'master' into 8371333-ssl-debug > - use LINE_SEP > - ... and 1 more: https://git.openjdk.org/jdk/compare/a2961293...ed4c5687 The verbose logging level for "Ignore unsupported cipher suite:" debug statement is removed with this change. As a result, I couldn't find a suitable replacement to exercise for the "verbose" log calls. I've removed this coverage for now in test/jdk/sun/security/ssl/SSLLogger/DebugPropertyValuesTest.java debugMessages.put("verbose", List.of("Ignore unsupported cipher suite:")); ------------- PR Comment: https://git.openjdk.org/jdk/pull/28511#issuecomment-3951384159
