Code Review Request: TLS 1.3 full handshake (JDK-8196584)
adam.petcher at oracle.com
Fri Mar 23 19:35:54 UTC 2018
Note: I am not a Reviewer. This is not a Review.
I took a look at some of the files that I was working in during my
extension development. I just have a few minor comments:
TransportContext.java, line 428: It's not clear why the outbound
direction is closed here. Consider adding more comments to describe what
is going on.
SessionId.java, lines 54: need to clone()?
SessionId.java, lines 81-87: you could do Arrays.hashCode(sessionId)
SSLExtension.java, line 441: The word "trad" is used here and in other
places in the file. Should this be "trade"?
KeyShareExtension.java, lines 264-265: I think you can remove the
comment, and the code is fine as it is. The problem of large ClientHello
messages should be addressed when we add support for HelloRetryRequest.
On 2/22/2018 3:29 PM, Xuelei Fan wrote:
> Updated to use package private HKDF implementation.
> webrev (based on JDK-8185576):
> webrev (including JDK-8185576):
> On 2/20/2018 11:57 AM, Xuelei Fan wrote:
>> I'd like to invite you to review the TLS 1.3 full handshake
>> implementation. I appreciate it if I could have feedback before
>> March 9, 2018.
>> In the "JDK-8185576: New handshake implementation"  code review
>> around, I was trying to re-org the TLS handshaking implementation in the
>> SunJSSE provider. If you had reviewed that part, you can start from
>> the following webrev that based on the update of JDK-8185576:
>> If you would like start from earlier, here is the webrev that
>> contains the handshaking implementation re-org in JDK-8185576:
>> This changeset only implements the full handshake of TLS 1.3, rather
>> then a fully implementation of the latest TLS 1.3 draft .
>> In this implementation, I removed:
>> 1. the KRB5 cipher suite implementation.
>> Please let me know if you are still using KRB5 cipher suite. I may
>> not add them back if no objections.
>> 2. OCSP stapling.
>> This feature will be added back later.
>> Resumption and key update, and more features may be added later.
>> Thanks & Regards,
>> : https://tools.ietf.org/html/draft-ietf-tls-tls13-24
More information about the security-dev