New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Respect jdk.tls.namedGroups when using native SSL implementation #11660
Conversation
Motivation: When using the JDK implementation for SSL its possible to adjust the used named groups. We should allow to do this as well and also select some default groups that will reduce the number of roundtrips. Modifications: - Upgrade netty-tcnative so we can set the curves - Respect jdk.tls.namedGroups - Use default groups of "P-256", "P-384", "X25519" so its compatible with what the JDK versions < 13 support as well. Result: Be able to set the used groups
This depends on netty/netty-tcnative#661 |
Co-authored-by: Nitesh Kant <nitesh_kant@apple.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One more thing
) Motivation: When using the JDK implementation for SSL its possible to adjust the used named groups. We should allow to do this as well and also select some default groups that will reduce the number of roundtrips. Modifications: - Upgrade netty-tcnative so we can set the curves - Respect jdk.tls.namedGroups - Use default groups of "P-256", "P-384", "X25519" so its compatible with what the JDK versions < 13 support as well. Result: Be able to set the used groups Co-authored-by: Nitesh Kant <nitesh_kant@apple.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
/** | ||
* Convert java naming to OpenSSL naming if possible and if not return the original name. | ||
*/ | ||
final class GroupsConverter { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi Norman, I am a bit late to comment. but can we make this class as well public?
…ty#11660) Motivation: When using the JDK implementation for SSL its possible to adjust the used named groups. We should allow to do this as well and also select some default groups that will reduce the number of roundtrips. Modifications: - Upgrade netty-tcnative so we can set the curves - Respect jdk.tls.namedGroups - Use default groups of "P-256", "P-384", "X25519" so its compatible with what the JDK versions < 13 support as well. Result: Be able to set the used groups Co-authored-by: Nitesh Kant <nitesh_kant@apple.com>
…ty#11660) Motivation: When using the JDK implementation for SSL its possible to adjust the used named groups. We should allow to do this as well and also select some default groups that will reduce the number of roundtrips. Modifications: - Upgrade netty-tcnative so we can set the curves - Respect jdk.tls.namedGroups - Use default groups of "P-256", "P-384", "X25519" so its compatible with what the JDK versions < 13 support as well. Result: Be able to set the used groups Co-authored-by: Nitesh Kant <nitesh_kant@apple.com>
…ty#11660) Motivation: When using the JDK implementation for SSL its possible to adjust the used named groups. We should allow to do this as well and also select some default groups that will reduce the number of roundtrips. Modifications: - Upgrade netty-tcnative so we can set the curves - Respect jdk.tls.namedGroups - Use default groups of "P-256", "P-384", "X25519" so its compatible with what the JDK versions < 13 support as well. Result: Be able to set the used groups Co-authored-by: Nitesh Kant <nitesh_kant@apple.com>
Motivation:
When using the JDK implementation for SSL its possible to adjust the used named groups. We should allow to do this as well and also select some default groups that will reduce the number of roundtrips.
Modifications:
Result:
Be able to set the used groups