Re: RFR: 8322767: TLS full handshake is slow with PKCS12KeyStore and X509KeyManagerImpl [v2]

2024-03-21 Thread Hai-May Chao
> For the PKIX KeyManager and PKCS12 Keystore, when the TLS server sends the > ServerHello message and ultimately calls the > X509KeyManagerImpl.chooseEngineServerAlias() method, it retrieves the private > key from the keystore, decrypts it, and caches both the key and its > certificate. This c

Re: RFR: 8322767: TLS full handshake is slow with PKCS12KeyStore and X509KeyManagerImpl [v2]

2024-03-21 Thread Hai-May Chao
On Tue, 19 Mar 2024 06:20:53 GMT, John Jiang wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Updated with John's comments > > src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java line 82: > >> 80:

Re: RFR: 8326643: JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message [v7]

2024-03-21 Thread Prasadrao Koppula
On Thu, 21 Mar 2024 02:03:39 GMT, Prasadrao Koppula wrote: >> JDK server does not send a dummy change_cipher_spec record after >> HelloRetryRequest message. >> >> According to RFC 8446 (Middlebox Compatibility Mode), if the client sends a >> non-empty session ID in the ClientHello message, th

Re: RFR: 8326643: JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message [v7]

2024-03-21 Thread Anthony Scarpino
On Thu, 21 Mar 2024 02:03:39 GMT, Prasadrao Koppula wrote: >> JDK server does not send a dummy change_cipher_spec record after >> HelloRetryRequest message. >> >> According to RFC 8446 (Middlebox Compatibility Mode), if the client sends a >> non-empty session ID in the ClientHello message, th

Integrated: 8320362: Load anchor certificates from Keychain keystore

2024-03-21 Thread Alexey Bakhtin
On Sat, 18 Nov 2023 02:41:05 GMT, Alexey Bakhtin wrote: > Please review the proposed fix. > > The patch loads system root certificates from the MacOS Keychain with > TrustSettings. > It allows to build a trusted certificate path using the MacOS Keychain store > only. This pull request has now

Re: RFR: 8051959: Add thread and timestamp options to java.security.debug system property [v3]

2024-03-21 Thread Weijun Wang
On Thu, 21 Mar 2024 19:39:36 GMT, Sean Coffey wrote: >> Proposal to improve the `java.security.debug` output so that options exist >> to add thread ID, thread name, source of log record and a timestamp >> information to the output. >> >> examples: >> format without patch : >> >> >> propertie

Re: RFR: 8320362: Load anchor certificates from Keychain keystore [v9]

2024-03-21 Thread Alexey Bakhtin
On Thu, 21 Mar 2024 15:20:39 GMT, Sean Mullan wrote: >> Alexey Bakhtin has refreshed the contents of this pull request, and previous >> commits have been removed. The incremental views will show differences >> compared to the previous content of the PR. The pull request contains one >> new com

Re: RFR: 8320362: Load anchor certificates from Keychain keystore [v11]

2024-03-21 Thread Alexey Bakhtin
> Please review the proposed fix. > > The patch loads system root certificates from the MacOS Keychain with > TrustSettings. > It allows to build a trusted certificate path using the MacOS Keychain store > only. Alexey Bakhtin has updated the pull request incrementally with one additional comm

Re: RFR: 8328638: Fallback option for POST-only OCSP requests

2024-03-21 Thread Sean Mullan
On Wed, 20 Mar 2024 19:48:52 GMT, Aleksey Shipilev wrote: > See the rationale/discussion in the bug. This patch introduces the option > that allows to restore > pre-[JDK-8179503](https://bugs.openjdk.org/browse/JDK-8179503) behavior. The > default behavior does not change. Better suggestions f

Re: RFR: 8328638: Fallback option for POST-only OCSP requests

2024-03-21 Thread Sean Mullan
On Wed, 20 Mar 2024 19:48:52 GMT, Aleksey Shipilev wrote: > See the rationale/discussion in the bug. This patch introduces the option > that allows to restore > pre-[JDK-8179503](https://bugs.openjdk.org/browse/JDK-8179503) behavior. The > default behavior does not change. Better suggestions f

Re: RFR: 8051959: Add thread and timestamp options to java.security.debug system property [v3]

2024-03-21 Thread Sean Coffey
On Thu, 21 Mar 2024 19:39:36 GMT, Sean Coffey wrote: >> Proposal to improve the `java.security.debug` output so that options exist >> to add thread ID, thread name, source of log record and a timestamp >> information to the output. >> >> examples: >> format without patch : >> >> >> propertie

Re: RFR: 8051959: Add decorator options for java.security.debug output [v3]

2024-03-21 Thread Sean Coffey
> Proposal to improve the `java.security.debug` output so that options exist to > add thread ID, thread name, source of log record and a timestamp information > to the output. > > examples: > format without patch : > > > properties: Initial security property: > package.definition=sun.misc.,su

Re: RFR: 8320362: Load anchor certificates from Keychain keystore [v9]

2024-03-21 Thread Sean Mullan
On Wed, 20 Mar 2024 22:53:40 GMT, Alexey Bakhtin wrote: >> Please review the proposed fix. >> >> The patch loads system root certificates from the MacOS Keychain with >> TrustSettings. >> It allows to build a trusted certificate path using the MacOS Keychain store >> only. > > Alexey Bakhtin h

Re: RFR: 8320362: Load anchor certificates from Keychain keystore [v10]

2024-03-21 Thread Sean Mullan
On Thu, 21 Mar 2024 18:34:38 GMT, Alexey Bakhtin wrote: >> Please review the proposed fix. >> >> The patch loads system root certificates from the MacOS Keychain with >> TrustSettings. >> It allows to build a trusted certificate path using the MacOS Keychain store >> only. > > Alexey Bakhtin h

Re: RFR: 8320362: Load anchor certificates from Keychain keystore [v10]

2024-03-21 Thread Alexey Bakhtin
> Please review the proposed fix. > > The patch loads system root certificates from the MacOS Keychain with > TrustSettings. > It allows to build a trusted certificate path using the MacOS Keychain store > only. Alexey Bakhtin has updated the pull request incrementally with one additional comm

Re: RFR: JDK-8327474 Review use of java.io.tmpdir in jdk tests [v3]

2024-03-21 Thread Sean Mullan
On Thu, 21 Mar 2024 17:13:46 GMT, Bill Huang wrote: >> This task addresses an essential aspect of our testing infrastructure: the >> proper handling and cleanup of temporary files and socket files created >> during test execution. The motivation behind these changes is to prevent the >> accumu

Re: RFR: 8328556: Do not extract large CKO_SECRET_KEY keys from the NSS Software Token [v3]

2024-03-21 Thread Martin Balao
> Hi, > > I'd like to propose a fix for "8328556: Do not extract large CKO_SECRET_KEY > keys from the NSS Software Token". See more details in the JBS ticket [1]. > > No regressions observed in jdk/sun/security/pkcs11. > > Thanks, > Martin.- > > -- > [1] - https://bugs.openjdk.org/browse/JDK-8

Re: RFR: 8328556: Do not extract large CKO_SECRET_KEY keys from the NSS Software Token [v2]

2024-03-21 Thread Martin Balao
On Thu, 21 Mar 2024 17:17:41 GMT, Martin Balao wrote: >> Hi, >> >> I'd like to propose a fix for "8328556: Do not extract large CKO_SECRET_KEY >> keys from the NSS Software Token". See more details in the JBS ticket [1]. >> >> No regressions observed in jdk/sun/security/pkcs11. >> >> Thanks,

Re: RFR: 8328556: Do not extract large CKO_SECRET_KEY keys from the NSS Software Token [v2]

2024-03-21 Thread Martin Balao
> Hi, > > I'd like to propose a fix for "8328556: Do not extract large CKO_SECRET_KEY > keys from the NSS Software Token". See more details in the JBS ticket [1]. > > No regressions observed in jdk/sun/security/pkcs11. > > Thanks, > Martin.- > > -- > [1] - https://bugs.openjdk.org/browse/JDK-8

Re: RFR: JDK-8327474 Review use of java.io.tmpdir in jdk tests [v3]

2024-03-21 Thread Bill Huang
> This task addresses an essential aspect of our testing infrastructure: the > proper handling and cleanup of temporary files and socket files created > during test execution. The motivation behind these changes is to prevent the > accumulation of unnecessary files in the default temporary direc

Re: RFR: JDK-8327474 Review use of java.io.tmpdir in jdk tests [v2]

2024-03-21 Thread Bill Huang
On Thu, 21 Mar 2024 15:06:58 GMT, Jaikiran Pai wrote: >> Bill Huang has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Implemented review comments > > test/jdk/java/util/zip/ZipFile/ZeroDate.java line 95: > >> 93: >> 94: // ensure

Re: RFR: JDK-8327474 Review use of java.io.tmpdir in jdk tests [v2]

2024-03-21 Thread Bill Huang
On Thu, 21 Mar 2024 14:41:36 GMT, Jaikiran Pai wrote: >> Bill Huang has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Implemented review comments > > test/jdk/com/sun/management/HotSpotDiagnosticMXBean/CheckOrigin.java line 57: > >> 55:

Re: RFR: 8328556: Do not extract large CKO_SECRET_KEY keys from the NSS Software Token

2024-03-21 Thread Martin Balao
On Thu, 21 Mar 2024 06:32:56 GMT, Daniel Jeliński wrote: > Would it be possible to add a regression test for this? I think you should be > able to trigger a failure by calculating a HMAC using the same key two times. May be possible. To create a large secret key we can use a DH derivation + TLS

Re: RFR: 8320362: Load anchor certificates from Keychain keystore [v7]

2024-03-21 Thread Rajan Halade
On Thu, 21 Mar 2024 15:23:03 GMT, Sean Mullan wrote: > > Hi @seanjmullan Thank you for review I've added the test > > Thanks. @rhalade Is this an acceptable place (security/infra) to put a test > that makes external network connections? Yes, it is correct place to add this infra test. @alexeyb

Re: RFR: 8320362: Load anchor certificates from Keychain keystore [v7]

2024-03-21 Thread Sean Mullan
On Tue, 19 Mar 2024 14:01:14 GMT, Sean Mullan wrote: >> Alexey Bakhtin has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Load root certificates from SystemRootCertificates.keychain > > Is it practical to add a test as described in the bug?

Re: RFR: JDK-8327474 Review use of java.io.tmpdir in jdk tests [v2]

2024-03-21 Thread Jaikiran Pai
On Tue, 19 Mar 2024 17:58:46 GMT, Bill Huang wrote: >> This task addresses an essential aspect of our testing infrastructure: the >> proper handling and cleanup of temporary files and socket files created >> during test execution. The motivation behind these changes is to prevent the >> accumu

Re: RFR: JDK-8327474 Review use of java.io.tmpdir in jdk tests [v2]

2024-03-21 Thread Jaikiran Pai
On Tue, 19 Mar 2024 17:58:46 GMT, Bill Huang wrote: >> This task addresses an essential aspect of our testing infrastructure: the >> proper handling and cleanup of temporary files and socket files created >> during test execution. The motivation behind these changes is to prevent the >> accumu

Re: RFR: JDK-8327474 Review use of java.io.tmpdir in jdk tests [v2]

2024-03-21 Thread Jaikiran Pai
On Tue, 19 Mar 2024 17:58:46 GMT, Bill Huang wrote: >> This task addresses an essential aspect of our testing infrastructure: the >> proper handling and cleanup of temporary files and socket files created >> during test execution. The motivation behind these changes is to prevent the >> accumu

RFR: 8261433: Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit

2024-03-21 Thread Prajwal Kumaraswamy
This fix intends to eliminate additional library call to C_EncryptInit or C_DecryptInit for Ciphers running through the CKM_AES_GCM. Background: There are two types of CK_GCM_PARAMS struct that are used, one with IV bits and the other without it. Initially there was issue in NSS library, due

Re: RFR: 8326643: JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message [v7]

2024-03-21 Thread John Jiang
On Thu, 21 Mar 2024 02:03:39 GMT, Prasadrao Koppula wrote: >> JDK server does not send a dummy change_cipher_spec record after >> HelloRetryRequest message. >> >> According to RFC 8446 (Middlebox Compatibility Mode), if the client sends a >> non-empty session ID in the ClientHello message, th

Re: RFR: 8326643: JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message [v7]

2024-03-21 Thread Sean Coffey
On Thu, 21 Mar 2024 02:03:39 GMT, Prasadrao Koppula wrote: >> JDK server does not send a dummy change_cipher_spec record after >> HelloRetryRequest message. >> >> According to RFC 8446 (Middlebox Compatibility Mode), if the client sends a >> non-empty session ID in the ClientHello message, th