8313229: DHEKeySizing.java should be modified to use TLS versions TLSv1, TLSv1.1, TLSv1.2#15846
8313229: DHEKeySizing.java should be modified to use TLS versions TLSv1, TLSv1.1, TLSv1.2#15846seanjmullan wants to merge 2 commits intoopenjdk:masterfrom
Conversation
… 1.2). Removed unnecessary exportable parameter.
|
👋 Welcome back mullan! A progress list of the required criteria for merging this PR into |
|
@seanjmullan The following label will be automatically applied to this pull request:
When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command. |
Webrevs
|
| * @library /javax/net/ssl/templates | ||
| * @run main/othervm -Djdk.tls.client.enableSessionTicketExtension=false | ||
| * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1643 267 | ||
| * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA 1645 267 TLSv1 |
There was a problem hiding this comment.
Just curious why the server key exchange length went up in size by a couple bytes. Was 1643 incorrect before this change?
There was a problem hiding this comment.
Good question. Part of this is a cut-and-paste error. The only change to 1645 bytes should be for line 64. The previous version of this test used TLS 1.0 for all the tests. When testing this on different protocols, I noticed the server hello for this cipher suite takes 2 extra bytes on TLSv1.2, and this was enough to cause the test to fail even with the 6 extra bytes for KEY_LEN_BIAS. - I don't know the exact reason why it takes a few extra bytes though.
I fixed this in the latest commit - only line 64 should be different now for the server hello length.
There was a problem hiding this comment.
An extra two bytes for a server hello could be due to the assertion of a SH extension that was not asserted in earlier versions of the protocol or something along those lines. Since that 1645 bytes relates to "Server Hello Series" (I assume that means the entire SH flight of messages) there could be a two-byte variance in a number of places. The fix looks good to me.
…h TLSv1.2. Fix some typos.
|
@seanjmullan This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 366 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
|
/integrate |
|
Going to push as commit c698b45.
Your commit was automatically rebased without conflicts. |
openjdk
bot
removed
ready
|
@seanjmullan Pushed as commit c698b45. 💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored. |
2 participants
Please review this change to ensure this test is tested on different TLS protocols (1.0, 1.1, 1.2)
I added a protocol parameter to the test arguments so that different protocols are tested. I also removed the boolean exportable argument as it wasn't doing anything.
Progress
Issue
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/15846/head:pull/15846$ git checkout pull/15846Update a local copy of the PR:
$ git checkout pull/15846$ git pull https://git.openjdk.org/jdk.git pull/15846/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 15846View PR using the GUI difftool:
$ git pr show -t 15846Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/15846.diff
Webrev
Link to Webrev Comment