RFR 8176536: Backport weak algorithms checking

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

RFR 8176536: Backport weak algorithms checking

Anthony Scarpino
Hi,

I need a review of this large backport of the weak algorithm checking
code to jdk8.

In mosts cases the changes are either identical or 95% of what is in
jdk9, the below two files deviate the most from jdk9 because of other
jdk9 features:
   src/share/classes/sun/security/ssl/SSLContextImpl.java
   src/share/classes/sun/security/validator/PKIXValidator.java

http://cr.openjdk.java.net/~ascarpino/8176536/webrev/

thanks

Tony
Reply | Threaded
Open this post in threaded view
|

Re: RFR 8176536: Backport weak algorithms checking

Sean Mullan
Looks good to me. Please also include the recent fix to disable SHA-1
TLS Server certificates in this backport:
https://bugs.openjdk.java.net/browse/JDK-8176503

--Sean

On 3/16/17 1:04 AM, Anthony Scarpino wrote:

> Hi,
>
> I need a review of this large backport of the weak algorithm checking
> code to jdk8.
>
> In mosts cases the changes are either identical or 95% of what is in
> jdk9, the below two files deviate the most from jdk9 because of other
> jdk9 features:
>   src/share/classes/sun/security/ssl/SSLContextImpl.java
>   src/share/classes/sun/security/validator/PKIXValidator.java
>
> http://cr.openjdk.java.net/~ascarpino/8176536/webrev/
>
> thanks
>
> Tony
Reply | Threaded
Open this post in threaded view
|

Re: RFR 8176536: Backport weak algorithms checking

Anthony Scarpino
Oh yeah. I had forgot to resync to get your change.  Thanks for the reminder.

Tony

> On Mar 17, 2017, at 1:06 PM, Sean Mullan <[hidden email]> wrote:
>
> Looks good to me. Please also include the recent fix to disable SHA-1 TLS Server certificates in this backport: https://bugs.openjdk.java.net/browse/JDK-8176503
>
> --Sean
>
>> On 3/16/17 1:04 AM, Anthony Scarpino wrote:
>> Hi,
>>
>> I need a review of this large backport of the weak algorithm checking
>> code to jdk8.
>>
>> In mosts cases the changes are either identical or 95% of what is in
>> jdk9, the below two files deviate the most from jdk9 because of other
>> jdk9 features:
>>  src/share/classes/sun/security/ssl/SSLContextImpl.java
>>  src/share/classes/sun/security/validator/PKIXValidator.java
>>
>> http://cr.openjdk.java.net/~ascarpino/8176536/webrev/
>>
>> thanks
>>
>> Tony

Reply | Threaded
Open this post in threaded view
|

Re: RFR 8176536: Backport weak algorithms checking

Anthony Scarpino
Hi Sean,

I updated the webrev with your recent change.  One you ok this, I'll
request approval for backport.

http://cr.openjdk.java.net/~ascarpino/8176536/webrev.01/

thanks

Tony


On 03/17/2017 01:25 PM, Anthony Scarpino wrote:

> Oh yeah. I had forgot to resync to get your change.  Thanks for the reminder.
>
> Tony
>
>> On Mar 17, 2017, at 1:06 PM, Sean Mullan <[hidden email]> wrote:
>>
>> Looks good to me. Please also include the recent fix to disable SHA-1 TLS Server certificates in this backport: https://bugs.openjdk.java.net/browse/JDK-8176503
>>
>> --Sean
>>
>>> On 3/16/17 1:04 AM, Anthony Scarpino wrote:
>>> Hi,
>>>
>>> I need a review of this large backport of the weak algorithm checking
>>> code to jdk8.
>>>
>>> In mosts cases the changes are either identical or 95% of what is in
>>> jdk9, the below two files deviate the most from jdk9 because of other
>>> jdk9 features:
>>>  src/share/classes/sun/security/ssl/SSLContextImpl.java
>>>  src/share/classes/sun/security/validator/PKIXValidator.java
>>>
>>> http://cr.openjdk.java.net/~ascarpino/8176536/webrev/
>>>
>>> thanks
>>>
>>> Tony
>

Reply | Threaded
Open this post in threaded view
|

Re: RFR 8176536: Backport weak algorithms checking

Sean Mullan
Looks good.

Thanks,
Sean

On 3/20/17 5:02 PM, Anthony Scarpino wrote:

> Hi Sean,
>
> I updated the webrev with your recent change.  One you ok this, I'll
> request approval for backport.
>
> http://cr.openjdk.java.net/~ascarpino/8176536/webrev.01/
>
> thanks
>
> Tony
>
>
> On 03/17/2017 01:25 PM, Anthony Scarpino wrote:
>> Oh yeah. I had forgot to resync to get your change.  Thanks for the
>> reminder.
>>
>> Tony
>>
>>> On Mar 17, 2017, at 1:06 PM, Sean Mullan <[hidden email]> wrote:
>>>
>>> Looks good to me. Please also include the recent fix to disable SHA-1
>>> TLS Server certificates in this backport:
>>> https://bugs.openjdk.java.net/browse/JDK-8176503
>>>
>>> --Sean
>>>
>>>> On 3/16/17 1:04 AM, Anthony Scarpino wrote:
>>>> Hi,
>>>>
>>>> I need a review of this large backport of the weak algorithm checking
>>>> code to jdk8.
>>>>
>>>> In mosts cases the changes are either identical or 95% of what is in
>>>> jdk9, the below two files deviate the most from jdk9 because of other
>>>> jdk9 features:
>>>>  src/share/classes/sun/security/ssl/SSLContextImpl.java
>>>>  src/share/classes/sun/security/validator/PKIXValidator.java
>>>>
>>>> http://cr.openjdk.java.net/~ascarpino/8176536/webrev/
>>>>
>>>> thanks
>>>>
>>>> Tony
>>
>