[jdk21u-dev] RFR: 8350807: Certificates using MD5 algorithm that are disabled by default are incorrectly allowed in TLSv1.3 when re-enabled
Goetz Lindenmaier
goetz at openjdk.org
Wed Aug 27 13:43:53 UTC 2025
On Wed, 27 Aug 2025 12:14:08 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:
>> I backport this for parity with 21.0.9-oracle.
>>
>> Resolved one copyright. It is already at 2025.
>>
>> But test MD5NotAllowedInTLS13CertificateSignature.java is failing.
>> It throws ArrayIndexOutOfBoundsException: Index 0 out of bounds for length 0
>> at MD5NotAllowedInTLS13CertificateSignature.lambda$main$1(MD5NotAllowedInTLS13CertificateSignature.java:100)
>>
>> It expects an array of length 1 containing the exception javax.net.ssl.SSLHandshakeException: (bad_certificate) PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: MD5withRSA
>>
>> All other testing, i.e. our nighlties and the tests touched here, pass.
>
> Otherwise looks okay to me, thanks for backporting.
Hi @MBaesken
the copyright of that file already lists 2025 in 21.
Thanks for the review.
-------------
PR Comment: https://git.openjdk.org/jdk21u-dev/pull/2085#issuecomment-3228257817
More information about the jdk-updates-dev
mailing list