[JEP-219/JDK-8043758] Code Review Request: Datagram Transport Layer Security (DTLS)

Xuelei Fan xuelei.fan at oracle.com
Wed May 27 12:12:04 UTC 2015


On 5/27/2015 6:46 PM, Weijun Wang wrote:
> There are several places you write
> 
>             // DTLS bans stream ciphers.
>             if (suite.cipher.cipherType == CipherType.STREAM_CIPHER) {
>                 return true;
>             }
> 
> According to rfc6347
> 
> 4.1.2.5.  New Cipher Suites
> 
>    Upon registration, new TLS cipher suites MUST indicate whether they
>    are suitable for DTLS usage and what, if any, adaptations must be
>    made (see Section 7 for IANA considerations).
> 
> Is it better to add a suitableForDTLS() method to CipherSuite? You can
> choose a better name.
> 
At present, only stream cipher suites are not suitable for DTLS usage.
I will use the suggestion if new cipher suites are not suitable for DTLS
in the future.

> In CipherSuite.java, there are
> 
>     // obsoleted since protocol version
>     final int obsoleted;
> 
>     // supported since protocol version
>     final int supported;
> 
> You might want to add a comment that the version must uses TLS versions
> (not DTLS versions).
> 
Good!  I made the update as:

    // obsoleted since protocol version
    //
    // TLS version is used.  If checking DTLS versions, please map to
    // TLS version firstly.  See ProtocolVersion.mapToTLSProtocol().
    final int obsoleted;

    // supported since protocol version (TLS version is used)
    //
    // TLS version is used.  If checking DTLS versions, please map to
    // TLS version firstly.  See ProtocolVersion.mapToTLSProtocol().
    final int supported;

Thanks,
Xuelei

> --Max
> 
> On 5/21/2015 9:25 AM, Xuelei Fan wrote:
>> Hi,
>>
>> Please review DTLS implementation [JEP-219/JDK-8043758]:
>>
>> webrev: http://cr.openjdk.java.net/~xuelei/8043758/webrev.latest/
>> JBS: https://bugs.openjdk.java.net/browse/JDK-8043758
>>
>> I would greatly appreciate it if you could send me feedback on or before
>> May 28, 2015.
>>
>> Thanks & Regards,
>> Xuelei Fan
>>



More information about the security-dev mailing list