Re: RFR: 8344366: Remove Security Manager dependencies from javax.net.ssl and sun.security.ssl packages [v2]

On Fri, 22 Nov 2024 16:38:01 GMT, Sean Mullan wrote: >> Now that JEP 486 has been integrated, the `javax.net.ssl` and >> `sun.security.ssl` package implementation dependencies on >> `System.getSecurityManager`, `AccessController.doPrivileged` and >> `AccessControlContext` can be removed. >> >

Re: RFR: 8353113: Peer supported certificate signature algorithms are not being checked with default SunX509 key manager [v3]

On Mon, 12 May 2025 20:05:18 GMT, Artur Barashev wrote: >> When the deafult SunX509KeyManagerImpl is being used we are in violation of >> TLSv1.3 RFC spec because we ignore peer supported certificate signatures >> sent to us in "signature_algorithms"/"signature_algorithms_cert" extensions: >> h

Re: RFR: 8341346: Add support for exporting TLS Keying Material [v18]

On Sat, 17 May 2025 00:03:10 GMT, Bradford Wetmore wrote: >> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE >> respectively. >> >> CSR is underway. >> >> Tests include new unit tests for TLSv1-1.3. Will run tier1-2, plus the JCK >> API (jck:api/java_security jck:

Re: RFR: 8341346: Add support for exporting TLS Keying Material [v18]

On Sat, 17 May 2025 00:03:10 GMT, Bradford Wetmore wrote: >> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE >> respectively. >> >> CSR is underway. >> >> Tests include new unit tests for TLSv1-1.3. Will run tier1-2, plus the JCK >> API (jck:api/java_security jck:

Re: RFR: 8341346: Add support for exporting TLS Keying Material [v27]

On Thu, 29 May 2025 00:54:37 GMT, Bradford Wetmore wrote: >> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE >> respectively. >> >> CSR is complete/approved. >> >> Tests include new unit tests for TLSv1-1.3. Have run tier1-2, plus the JCK >> API (jck:api/java_secu

Re: RFR: 8341346: Add support for exporting TLS Keying Material [v27]

On Fri, 30 May 2025 01:25:37 GMT, Bradford Wetmore wrote: >> src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java line 1494: >> >>> 1492: if (exporterMasterSecret == null) { >>> 1493: throw new RuntimeException( >>> 1494: "Exporter

Re: RFR: 8341346: Add support for exporting TLS Keying Material [v28]

On Fri, 30 May 2025 01:13:48 GMT, Bradford Wetmore wrote: >> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE >> respectively. >> >> CSR is complete/approved. >> >> Tests include new unit tests for TLSv1-1.3. Have run tier1-2, plus the JCK >> API (jck:api/java_secu

Re: RFR: 8341346: Add support for exporting TLS Keying Material [v27]

On Thu, 29 May 2025 00:54:37 GMT, Bradford Wetmore wrote: >> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE >> respectively. >> >> CSR is complete/approved. >> >> Tests include new unit tests for TLSv1-1.3. Have run tier1-2, plus the JCK >> API (jck:api/java_secu

Re: RFR: 8341346: Add support for exporting TLS Keying Material [v30]

On Fri, 30 May 2025 21:58:38 GMT, Bradford Wetmore wrote: >> Adds the RFC 5705/8446 TLS Key Exporters API/implementation to JSSE/SunJSSE >> respectively. >> >> CSR is complete/approved. >> >> Tests include new unit tests for TLSv1-1.3. Have run tier1-2, plus the JCK >> API (jck:api/java_secu

Re: RFR: 8353113: Peer supported certificate signature algorithms are not being checked with default SunX509 key manager [v3]

On Thu, 15 May 2025 19:29:07 GMT, Sean Mullan wrote: > > > It is nice to refactor the common code for algorithm constraints checking > > > into a new class, `X509KeyManagerConstraints.java`, used by both > > > `SunX509KeyManagerImpl` and `X509KeyManagerImpl`. However, it looks like > > > a new