[jdk11u-dev] RFR: 8263188: JSSE should fail fast if there isn't supported signature algorithm
Antonio Vieiro
avieiro at openjdk.org
Thu Dec 4 10:15:54 UTC 2025
On Thu, 27 Nov 2025 10:16:56 GMT, Antonio Vieiro <avieiro at openjdk.org> wrote:
> Clean backport of [JDK-8263188](https://bugs.openjdk.org/browse/JDK-8263188) to JDK11.
>
> It will make it easier to backport and review [JDK-8349583](https://bugs.openjdk.org/browse/JDK-8349583) and [JDK-8340321](https://bugs.openjdk.org/browse/JDK-8340321) , so OpenJDK 11 [follows the Oracle JRE and JDK Cryptographic Roadmap on 2026/01](https://www.java.com/en/jre-jdk-cryptoroadmap.html) by disabling SHA-1 in TLS/DTLS 1.2 handshake signatures.
>
> Since JDK11 does not sport the `ByteBuffer.slice(int, int)` method in JDK17 (used in `test/jdk/sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS12.java`), a second commit adds an equivalent and updates the test.
>
> Tested on Linux with `tier1` tests:
>
>
> ==============================
> Test summary
> ==============================
> TEST TOTAL PASS FAIL ERROR
> jtreg:test/hotspot/jtreg:tier1 1497 1497 0 0
> jtreg:test/jdk:tier1 1899 1899 0 0
> jtreg:test/langtools:tier1 3941 3941 0 0
> jtreg:test/nashorn:tier1 0 0 0 0
> jtreg:test/jaxp:tier1 0 0 0 0
> ==============================
> TEST SUCCESS
>
>
> Also security tests (including new ones) pass:
>
>
> ==============================
> Test summary
> ==============================
> TEST TOTAL PASS FAIL ERROR
> jtreg:test/jdk/sun/security 664 664 0 0
> ==============================
> TEST SUCCESS
I've rebased on master to get the recently merged JDK-8341964 and JDK-8245545 on this branch.
And retested with `run-test-jdk_security`:
==============================
Test summary
==============================
TEST TOTAL PASS FAIL ERROR
jtreg:test/jdk:jdk_security 1361 1361 0 0
==============================
TEST SUCCESS
-------------
PR Comment: https://git.openjdk.org/jdk11u-dev/pull/3126#issuecomment-3611295749
More information about the jdk-updates-dev
mailing list