Not sure if it is helpful for debugging (other than you get caller stacktraces
and a logfile) but for audit purpose a single
consolidated event which allows to see which real, which kdc, which ciphers and
Idendity might be a thing useable
even in production. Especially if also SSPI/native cache i
Hi Sean,
This is a tough question. I guess maybe the same granularity as the log
messages: that is,
emitting a JFR event for every step where now a log message is logged,
with similar parameters
would probably make sense?
At the same time, would anyone use JFR events to debug a Kerberos issue? I
Thx for all this clarification.
For example, how will the user configure the list of available PSKs?
Regarding PSK API from other libraries :
*AdvancedPskStore* from Scandium 3.x which is not so straight forward to
use mainly because it supports async request :
https://github.com/eclipse-c
Hi Daniel,
Thx for quick answer.
For PSK and AES, if this is added then this will be also for TLS ? (not
only DTLS right ?) and for version 1.2 and 1.3 ? and also when this
feature will be added, would they be available on next JDK version OR
also old version ? (e.g. I know some recent secur
> Change `Krb5LoginModule` debugging to use `sun.security.util.Debug`.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
typo
-
Changes:
- all: https://git.openjdk.org/jdk/pull/18199/files
- new: https://git.openjdk.org
On Fri, 15 Mar 2024 13:35:29 GMT, Weijun Wang wrote:
>> src/java.base/share/classes/sun/security/util/Debug.java line 180:
>>
>>> 178: * @return a new Debug object if the property is true
>>> 179: */
>>> 180: public static Debug of(String option, String property) {
>>
>> the `prop
On Fri, 15 Mar 2024 13:04:00 GMT, Sean Coffey wrote:
>> Weijun Wang has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Mark's comments
>
> src/java.base/share/classes/sun/security/util/Debug.java line 172:
>
>> 170: * settings. For ex
> Change `Krb5LoginModule` debugging to use `sun.security.util.Debug`.
Weijun Wang has updated the pull request incrementally with one additional
commit since the last revision:
Seán's comments
-
Changes:
- all: https://git.openjdk.org/jdk/pull/18199/files
- new: https://git.
On Thu, 14 Mar 2024 03:12:30 GMT, John Jiang wrote:
>> In method `X509Authentication::createServerPossession`, it looks unnecessary
>> to define variable `serverAlias` out of the for-loop.
>> It may be better to move `serverAlias` into that loop to narrow down the
>> scope.
>
> John Jiang has u
On Thu, 14 Mar 2024 20:30:58 GMT, Weijun Wang wrote:
>> Change `Krb5LoginModule` debugging to use `sun.security.util.Debug`.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Mark's comments
Looks good. Few minor comments mad
Hi Simon,
Yes, the cipher suites in CipherSuite class are available in both TLS
and DTLS by default. TLS 1.3 uses different cipher suites from TLS
1.2, so both protocols need to be updated.
Regarding backporting to other versions of Java, backports are
reviewed on a case-by-case basis. TLS changes
On Thu, 7 Mar 2024 11:57:07 GMT, Sean Coffey wrote:
>> Proposal to improve the `java.security.debug` output so that options exist
>> to add thread ID, thread name, source of log record and a timestamp
>> information to the output.
>>
>> examples:
>> format without patch :
>>
>>
>> properties
Hi Tim,
Thanks for the info! Some comments below:
- It is possible to inject and receive DTLS packets via a socket interface.
However, demultiplexing of incoming packets is not supported.
- Use_srtp extension is not implemented. Key material extraction is not
supported either.
- Certificate verific
Hi Simon, welcome to security-dev!
You got the situation of DTLS right:
- PSK cipher suites were first requested in JDK-6476446, then in JDK-8049402.
- connection identifier is not implemented, and not on the to-do list yet;
- AES-CCM was requested in JDK-8008342, then in JDK-8176395. If I
underst
14 matches
Mail list logo
