8209992: Align SSLSocket and SSLEngine Javadocs #26484
Conversation
|
👋 Welcome back abarashev! A progress list of the required criteria for merging this PR into |
|
@artur-oracle This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 145 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
|
@artur-oracle The following labels will be automatically applied to this pull request:
When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing lists. If you would like to change these labels, use the /label pull request command. |
Webrevs
|
There was a problem hiding this comment.
The renegotiation wording should probably updated in both the SSLSocket/SSLEngine section. As was pointed out, TLSv1.3 is not a full renegotiation.
You could soften some of the wording with something like (needs wordsmithing):
The behavior of this method is protocol- and possibly implementation- dependent: For
example, in TLSv1.2 and earlier could do X, and in TLSv1.3 calling this method would do
Y.
I think the submitter was also asking for a similar layout/wording between the two, while highlighting the differences where needed. This would make the learning curve a bit smaller.
This probably will need a CSR.
Good point, I pushed an update. While both methods are similar, they are not the same due to the very nature of SSLEngine. So I made the first 2 paragraphs of the javadoc the same for both methods, the highlighting the differences follows in next paragraphs. |
There was a problem hiding this comment.
A few thoughts.
- We usually set the first sentence in a paragraph by itself in javadoc.
- Believe it or not, we had to artificially create a different method name when creating
SSLEnginebetweenstartHandshake()andbeginHandshake(): (startimplies it completes synchronously, whereasbeginonly begins it. Yeah, that's a pretty vague meaning, but it was forced on us in JDK 1.5 whenSSLEnginewas created.) So should keep the wording similar in the javadoc. In TLSv1.3 and later versions: we don't know what the handshaking will be like in the next version of TLS, so I'd like to just keep asIn TLSv1.3.
These comments apply to both SSLEngine/SSLSocket. Just the intro sentence needs to change for SSLEngine.
I'll review the changes in the CSR after you've looked over this.
Some minor nits/formats change suggestions:
diff --git a/src/java.base/share/classes/javax/net/ssl/SSLSocket.java b/src/java.base/share/classes/javax/net/ssl/SSLSocket.java
index ca930c7fb83..bfced714825 100644
--- a/src/java.base/share/classes/javax/net/ssl/SSLSocket.java
+++ b/src/java.base/share/classes/javax/net/ssl/SSLSocket.java
@@ -502,16 +502,18 @@ public abstract void removeHandshakeCompletedListener(
/**
- * Initiates handshaking on this connection. Common reasons include a need
- * to initiate a new session, to use new encryption keys or to change
- * cipher suites. To force complete reauthentication, the current session
- * could be invalidated before starting this handshake.
+ * Starts handshaking on this {@code SSLSocket}. (or for)
+ * Begins handshaking on this {@code SSLEngine}.
+ * <P>
+ * Common reasons include a need to initiate a new protected session,
+ * create new encryption keys, or to change cipher suites. To force
+ * complete reauthentication, the current session should be invalidated
+ * before starting this handshake.
* <P>
* The behavior of this method is protocol (and possibly implementation)
- * dependent. For example, in TLSv1.3 and later versions calling this
- * method after the connection has been established will force producing
- * a KeyUpdate message. For prior TLS versions it will force a
- * renegotiation (re-handshake).
+ * dependent. For example, in TLSv1.3 calling this method after the
+ * connection has been established will force a key update. For prior TLS
+ * versions it will force a renegotiation (re-handshake).
* <P>
* If data has already been sent on the connection, it continues
* to flow during this handshake. When the handshake completes, this
openjdk
bot
added
ready
|
/integrate |
|
Going to push as commit 6c52b73.
Your commit was automatically rebased without conflicts. |
openjdk
bot
removed
ready
|
@artur-oracle Pushed as commit 6c52b73. 💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored. |
Add a javadoc paragraph to SSLSocket.startHandshake() and SSLEngine.beginHandshake() methods explaining behavioral differences between TLSv1.3+ and TLSv1.2- versions.
Progress
Issues
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/26484/head:pull/26484$ git checkout pull/26484Update a local copy of the PR:
$ git checkout pull/26484$ git pull https://git.openjdk.org/jdk.git pull/26484/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 26484View PR using the GUI difftool:
$ git pr show -t 26484Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/26484.diff
Using Webrev
Link to Webrev Comment