[JEP-219/JDK-8043758] Code Review Request: Datagram Transport Layer Security (DTLS)

Weijun Wang weijun.wang at oracle.com
Wed May 27 10:46:29 UTC 2015


There are several places you write

             // DTLS bans stream ciphers.
             if (suite.cipher.cipherType == CipherType.STREAM_CIPHER) {
                 return true;
             }

According to RFC 6347

4.1.2.5.  New Cipher Suites

    Upon registration, new TLS cipher suites MUST indicate whether they
    are suitable for DTLS usage and what, if any, adaptations must be
    made (see Section 7 for IANA considerations).

Is it better to add a suitableForDTLS() method to CipherSuite? You can 
choose a better name.

In CipherSuite.java, there are

     // obsoleted since protocol version
     final int obsoleted;

     // supported since protocol version
     final int supported;

You might want to add a comment that the version must use TLS versions 
(not DTLS versions).

--Max

On 5/21/2015 9:25 AM, Xuelei Fan wrote:
> Hi,
>
> Please review DTLS implementation [JEP-219/JDK-8043758]:
>
> webrev: http://cr.openjdk.java.net/~xuelei/8043758/webrev.latest/
> JBS: https://bugs.openjdk.java.net/browse/JDK-8043758
>
> I would greatly appreciate it if you could send me feedback on or before
> May 28, 2015.
>
> Thanks & Regards,
> Xuelei Fan
>
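
An added example, not part of the original thread and not code from the webrev or the JDK: a sketch of the two review points together, a per-suite `suitableForDTLS()` check plus `supported`/`obsoleted` fields that hold TLS versions and are compared only after a DTLS version is mapped to its TLS equivalent. The class `DtlsSuiteFilter`, the `Suite` record, the `NEVER` sentinel and the helper names are hypothetical, and the three-suite table is constructed for illustration.

```java
import java.util.List;

// Hypothetical sketch, not the JDK's sun.security.ssl.CipherSuite.
public class DtlsSuiteFilter {
    static final int TLS10 = 0x0301, TLS11 = 0x0302, TLS12 = 0x0303;
    static final int DTLS10 = 0xFEFF, DTLS12 = 0xFEFD; // DTLS wire versions count downwards
    static final int NEVER = 0xFFFF;                   // "not obsoleted" sentinel (assumed)

    enum CipherType { STREAM_CIPHER, BLOCK_CIPHER, AEAD_CIPHER }

    record Suite(String name, CipherType type, int supported, int obsoleted) {
        // Suitability is a per-suite property (RFC 6347, 4.1.2.5); here it is
        // derived from the cipher type, as the reviewed check does inline.
        boolean suitableForDTLS() {
            return type != CipherType.STREAM_CIPHER;
        }

        // 'supported' and 'obsoleted' hold TLS versions, so a DTLS version
        // is mapped to its TLS equivalent before the range check.
        boolean usableWith(int wireVersion) {
            boolean dtls = isDTLS(wireVersion);
            int v = dtls ? tlsEquivalent(wireVersion) : wireVersion;
            return (!dtls || suitableForDTLS()) && v >= supported && v < obsoleted;
        }
    }

    static boolean isDTLS(int wireVersion) { return (wireVersion >>> 8) == 0xFE; }

    static int tlsEquivalent(int dtlsVersion) {
        switch (dtlsVersion) {
            case DTLS10: return TLS11; // DTLS 1.0 is based on TLS 1.1
            case DTLS12: return TLS12; // DTLS 1.2 is based on TLS 1.2
            default: throw new IllegalArgumentException("unknown DTLS version");
        }
    }

    public static void main(String[] args) {
        // Constructed sample table: one stream, one block and one AEAD suite.
        List<Suite> suites = List.of(
            new Suite("TLS_RSA_WITH_RC4_128_SHA", CipherType.STREAM_CIPHER, TLS10, NEVER),
            new Suite("TLS_RSA_WITH_AES_128_CBC_SHA", CipherType.BLOCK_CIPHER, TLS10, NEVER),
            new Suite("TLS_RSA_WITH_AES_128_GCM_SHA256", CipherType.AEAD_CIPHER, TLS12, NEVER));
        for (int version : new int[] { TLS12, DTLS10, DTLS12 }) {
            System.out.printf("0x%04X:", version);
            for (Suite s : suites) if (s.usableWith(version)) System.out.print(" " + s.name());
            System.out.println();
        }
    }
}
```

Comparing the raw DTLS wire value against `supported` would pass every suite, since 0xFEFF is numerically larger than any TLS version, which is why the fields need to be documented as TLS versions.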

