Re: RFR: 8322767: TLS full handshake is slow with PKCS12KeyStore and X509KeyManagerImpl [v2]

2024-03-25 Thread John Jiang
On Fri, 22 Mar 2024 06:56:33 GMT, Hai-May Chao wrote: >> For the PKIX KeyManager and PKCS12 Keystore, when the TLS server sends the >> ServerHello message and ultimately calls the >> X509KeyManagerImpl.chooseEngineServerAlias() method, it retrieves the >> private key from the keystore, decrypt

Re: RFR: 8328638: Fallback option for POST-only OCSP requests [v4]

2024-03-25 Thread Aleksey Shipilev
> See the rationale/discussion in the bug. This patch introduces the option > that allows restoring > pre-[JDK-8179503](https://bugs.openjdk.org/browse/JDK-8179503) behavior. The > default behavior does not change. Better suggestions for flag name are > welcome. > > Additional testing: > - [

Re: RFR: 8261433: Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit

2024-03-25 Thread Daniel Jeliński
On Thu, 21 Mar 2024 09:23:43 GMT, Prajwal Kumaraswamy wrote: > This fix intends to eliminate additional library call to C_EncryptInit or > C_DecryptInit for Ciphers running through the CKM_AES_GCM. > > Background: > > There are two types of CK_GCM_PARAMS struct that are used, one with IV bit

Re: RFR: 8328825: Google CAInterop test failures

2024-03-25 Thread Aleksey Shipilev
On Fri, 22 Mar 2024 17:54:19 GMT, Rajan Halade wrote: > Fix updates these tests to use OCSP or CRL revocation check with failover > enabled. Intermediate root CA "WE3" doesn't specify OCSP responder in AIA > extension. Check https://good.gsr4.demo.pki.goog/ for example. This looks reasonable.

Integrated: 8328825: Google CAInterop test failures

2024-03-25 Thread Rajan Halade
On Fri, 22 Mar 2024 17:54:19 GMT, Rajan Halade wrote: > Fix updates these tests to use OCSP or CRL revocation check with failover > enabled. Intermediate root CA "WE3" doesn't specify OCSP responder in AIA > extension. Check https://good.gsr4.demo.pki.goog/ for example. This pull request has n

Re: RFR: 8328638: Fallback option for POST-only OCSP requests [v5]

2024-03-25 Thread Aleksey Shipilev
> See the rationale/discussion in the bug. This patch introduces the option > that allows restoring > pre-[JDK-8179503](https://bugs.openjdk.org/browse/JDK-8179503) behavior. The > default behavior does not change. Better suggestions for flag name are > welcome. > > Additional testing: > - [

Re: RFR: 8261433: Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit

2024-03-25 Thread Valerie Peng
On Mon, 25 Mar 2024 10:55:35 GMT, Daniel Jeliński wrote: > Does this PR actually improve the performance of AES/GCM? I'm asking because > NSS documentation states that the newer NSS versions actually support both > forms of the parameters, so I'd expect no performance penalty for using the > o

Re: RFR: 8261433: Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit

2024-03-25 Thread Valerie Peng
On Mon, 25 Mar 2024 06:34:53 GMT, Prajwal Kumaraswamy wrote: > > Now that we are going with the normative version first, maybe we should > > make additional changes to clean up the flow further? Say, > > > > 1. update `jGCMParamsToCKGCMParamPtr(JNIEnv *env, jobject jParam, CK_ULONG > > *pLengt

Re: RFR: JDK-8328501 Incorrect `@since` tags for security java security interfaces [v3]

2024-03-25 Thread Nizar Benalla
> For context, I am writing tests to check for accurate use of `@since` tags in > documentation comments in source code. > We're following these rules for now: > > ### Rule 1: Introduction of New Elements > > - If an element is new in JDK N, with no equivalent in JDK N-1, it must > include `@si

Re: RFR: 8322767: TLS full handshake is slow with PKCS12KeyStore and X509KeyManagerImpl [v2]

2024-03-25 Thread Xue-Lei Andrew Fan
On Fri, 22 Mar 2024 06:56:33 GMT, Hai-May Chao wrote: >> For the PKIX KeyManager and PKCS12 Keystore, when the TLS server sends the >> ServerHello message and ultimately calls the >> X509KeyManagerImpl.chooseEngineServerAlias() method, it retrieves the >> private key from the keystore, decrypt

Re: RFR: 8322767: TLS full handshake is slow with PKCS12KeyStore and X509KeyManagerImpl [v2]

2024-03-25 Thread Hai-May Chao
On Mon, 25 Mar 2024 02:17:18 GMT, John Jiang wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Updated with John's comments > > src/java.base/share/classes/sun/security/ssl/X509KeyManagerImpl.java line 168: > >> 166

Re: RFR: 8322767: TLS full handshake is slow with PKCS12KeyStore and X509KeyManagerImpl [v3]

2024-03-25 Thread Hai-May Chao
> For the PKIX KeyManager and PKCS12 Keystore, when the TLS server sends the > ServerHello message and ultimately calls the > X509KeyManagerImpl.chooseEngineServerAlias() method, it retrieves the private > key from the keystore, decrypts it, and caches both the key and its > certificate. This c