On Fri, 26 Jun 2026 12:34:57 GMT, Artur Barashev <[email protected]> wrote:
> > How can we make sure this doesn't happen again when new cipher suites are > > added? > > Good point, Daniel! > > @chmielewskiandreas How about we add an instructional comment at > `SSLCipher.java:66`: "Make sure to update SSLAlgorithmDecomposer when > adding/removing ciphers below"? I think adding a comment would help, but it’s still easy to miss when adding new cipher suites. An alternative approach would be to enforce this at test level. We could derive the set of TLS cipher suites dynamically, extract their bulk cipher components, and verify that jdk.tls.disabledAlgorithms correctly disables them. This way, if new cipher suites are added, the test will automatically cover them and fail if the bulk cipher decomposition is not updated accordingly. I am experimenting with this approach now by iterating over the available cipher suites and deriving the bulk cipher from their names. The main challenge is correctly handling different naming formats, but once that is done, the test becomes self‑maintaining. What do you think? ------------- PR Comment: https://git.openjdk.org/jdk/pull/31633#issuecomment-4809716505
