8245263: Enable TLSv1.3 by default on JDK 8u for Client roles

[alexeybakhtin]

Please review a patch to enable TLSv1.3 by default on JDK 8u for Client roles
I'd like to add this functionality for parity with Oracle JavaSE8

The patch rolls back the JDK-8245476 and updates JTREG tests

All sun/security/ssl and javax/net/ssl jtreg tests are passed

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issue

• JDK-8245263: Enable TLSv1.3 by default on JDK 8u for Client roles

Reviewers

• Martin Balao (@martinuy - Reviewer)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk8u-dev pull/96/head:pull/96
$ git checkout pull/96

Update a local copy of the PR:
$ git checkout pull/96
$ git pull https://git.openjdk.org/jdk8u-dev pull/96/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 96

View PR using the GUI difftool:
$ git pr show -t 96

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk8u-dev/pull/96.diff

[bridgekeeper]

👋 Welcome back abakhtin! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[mlbridge]

Webrevs

• 01: Full - Incremental (e8904524)
• 00: Full (013a3d34)

[jerboaa]

@martinuy @franferrax Could you please review this?

[martinuy]

Hi @alexeybakhtin ,

Thanks for proposing this backport. Just for the record, the non-tests part of this change is the revert of https://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/ad16e2ef963c

Looks good to me overall, just a couple of minor comments related to tests:

1. During the 8u backport of several TLS 1.3 related tests, a system property had to be passed so TLS 1.3 was used by the client: -Djdk.tls.client.protocols. Can we now remove this and leave the tests aligned to newer releases? This would also be an additional check for the new defaults.

2. The test TLSClientPropertyTest.java requires some TLS 1.3 removal undoing too.

For reference, this is the changeset that introduced the TLS 1.3 tests adaptation in 8u: https://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/ed0d638da09f

Thanks,
Martin.-

[alexeybakhtin]

Hi @martinuy
Thank you a lot for the review and your comments
Please find updates for the TLSv1.3 related tests. As you said most of the changes are revert of the tests adaptation https://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/ed0d638da09f
Also, I have updated tests from the 99f78de and ce0307b

[martinuy]

Hi @alexeybakhtin ,

Changes look good. Any new test failure? (I don't think but just wanted to check)

[alexeybakhtin]

@martinuy
No new failures in sun/security/ssl javax/net/ssl tests. All tests passed except of sun/security/ssl/X509TrustManagerImpl/Symantec/Distrust.java which fails on the unmodified code also.

[martinuy]

Looks good to me.

[openjdk]

@alexeybakhtin This change now passes all automated pre-integration checks.

After integration, the commit message for the final commit will be:

8245263: Enable TLSv1.3 by default on JDK 8u for Client roles

Reviewed-by: mbalao

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 1 new commit pushed to the master branch:

• 0869fc0: 8071507: (ref) Clear phantom reference as soft and weak references do

Please see this link for an up-to-date comparison between the source branch of this pull request and the master branch.
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

[jerboaa]

@alexeybakhtin Please use PR title Backport JDK-8245263 as the issue is oracle-jdk specific which doesn't have a public sha we can reference. This should be a workaround to make the skara tooling recognize this as a backport. See https://bugs.openjdk.org/browse/SKARA-1076

[openjdk]

This backport pull request has now been updated with the original issue, but not the original commit. If you have the original commit hash, please update the pull request title with Backport <hash>.

[alexeybakhtin]

/integrate

[openjdk]

Going to push as commit 8e2c498.
Since your change was applied there has been 1 commit pushed to the master branch:

• 0869fc0: 8071507: (ref) Clear phantom reference as soft and weak references do

Your commit was automatically rebased without conflicts.

[openjdk]

@alexeybakhtin Pushed as commit 8e2c498.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.