On Wed, 15 Jul 2026 14:43:21 GMT, Sean Mullan <[email protected]> wrote:

>> Andreas Chmielewski has updated the pull request incrementally with one 
>> additional commit since the last revision:
>> 
>>   Remove unused imports
>
> test/jdk/javax/net/ssl/ciphersuites/BulkCipherDisabledAlgorithms.java line 1:
> 
>> 1: /*
> 
> While this reduces the number of VMs spawned, 90 VMs are still spawned. I 
> think there is still some redundancy that can be eliminated.
> 
> This test is very comprehensive, in that it tests the disabling of every 
> cipher suite by the full name and its bulk cipher algorithm. However, the  
> logic involved in disabling the full cipher suite name 
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is the same as disabling 
> TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 or any other suite name, it is just a 
> match on the cipher suite name. I don't think it is necessary to test the 
> disabling of every suite which uses the same logic. Probably one suite for 
> TLS 1.2 and one for TLS 1.3 would be sufficient.
> 
> For the bulk cipher algorithm, there is also some redundancy. Probably 
> testing one suite per bulk cipher for each protocol (1.2 and 1.3) would be 
> sufficient, but some redundancy here is probably fine as this was the main 
> issue that we needed a test for.

Thanks for your review!

I immediately spotted one opportunity to reduce the number of spawned VMs 
further, from 90 to 60. Currently, the test also disables each cipher suite by 
its full suite name:

`tests.add(new String[] { suiteName, suiteName, "disabled" });`

However, the purpose of this test is to verify the behavior of disabling bulk 
cipher algorithms, not disabling cipher suites by name. I therefore propose 
removing this case entirely.

Other than that, I would prefer to keep the test in its current form, as it 
exercises all supported cipher suites. If you agree, I'll update the PR 
accordingly.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/31812#discussion_r3589827621

Reply via email to