[jdk21u-dev] RFR: 8350807: Certificates using MD5 algorithm that are disabled by default are incorrectly allowed in TLSv1.3 when re-enabled
Goetz Lindenmaier
goetz at openjdk.org
Sat Aug 23 18:55:32 UTC 2025
I backport this for parity with 21.0.9-oracle.
Resolved one copyright. It is already at 2025.
But test MD5NotAllowedInTLS13CertificateSignature.java is failing.
It throws ArrayIndexOutOfBoundsException: Index 0 out of bounds for length 0
at MD5NotAllowedInTLS13CertificateSignature.lambda$main$1(MD5NotAllowedInTLS13CertificateSignature.java:100)
It expects an array of length 1 containing the exception javax.net.ssl.SSLHandshakeException: (bad_certificate) PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: MD5withRSA
All other testing, i.e. our nighlties and the tests touched here, pass.
-------------
Commit messages:
- fix test
- backport abb23828f9dc5f4cdb75d5b924dd6f45925102cd
Changes: https://git.openjdk.org/jdk21u-dev/pull/2085/files
Webrev: https://webrevs.openjdk.org/?repo=jdk21u-dev&pr=2085&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8350807
Stats: 481 lines in 16 files changed: 299 ins; 130 del; 52 mod
Patch: https://git.openjdk.org/jdk21u-dev/pull/2085.diff
Fetch: git fetch https://git.openjdk.org/jdk21u-dev.git pull/2085/head:pull/2085
PR: https://git.openjdk.org/jdk21u-dev/pull/2085
More information about the jdk-updates-dev
mailing list