git: openjdk/jdk21u-dev: master: 8350807: Certificates using MD5 algorithm that are disabled by default are incorrectly allowed in TLSv1.3 when re-enabled
Goetz Lindenmaier
goetz at openjdk.org
Mon Sep 1 11:40:18 UTC 2025
Changeset: 1cdf8f54
Branch: master
Author: Goetz Lindenmaier <goetz at openjdk.org>
Date: 2025-09-01 11:37:16 +0000
URL: https://git.openjdk.org/jdk21u-dev/commit/1cdf8f5497f2b986c13a1c263d806a31d67fe015
8350807: Certificates using MD5 algorithm that are disabled by default are incorrectly allowed in TLSv1.3 when re-enabled
Reviewed-by: mbaesken
Backport-of: abb23828f9dc5f4cdb75d5b924dd6f45925102cd
! src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java
! src/java.base/share/classes/sun/security/ssl/CertificateMessage.java
! src/java.base/share/classes/sun/security/ssl/CertificateRequest.java
! src/java.base/share/classes/sun/security/ssl/ClientHello.java
! src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java
! src/java.base/share/classes/sun/security/ssl/ServerHello.java
! src/java.base/share/classes/sun/security/ssl/SessionTicketExtension.java
! src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java
! src/java.base/share/classes/sun/security/ssl/SignatureScheme.java
! test/jdk/javax/net/ssl/HttpsURLConnection/CriticalSubjectAltName.java
! test/jdk/javax/net/ssl/templates/SSLSocketTemplate.java
! test/jdk/sun/net/www/protocol/https/HttpsURLConnection/DNSIdentities.java
! test/jdk/sun/net/www/protocol/https/HttpsURLConnection/IPAddressIPIdentities.java
! test/jdk/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java
! test/jdk/sun/net/www/protocol/https/HttpsURLConnection/Identities.java
+ test/jdk/sun/security/ssl/SignatureScheme/MD5NotAllowedInTLS13CertificateSignature.java
More information about the jdk-updates-changes
mailing list