[jdk11u-dev] RFR: 8263188: JSSE should fail fast if there isn't supported signature algorithm [v3]

Severin Gehwolf sgehwolf at openjdk.org
Fri Dec 5 09:36:12 UTC 2025 

On Fri, 5 Dec 2025 08:23:47 GMT, Antonio Vieiro <avieiro at openjdk.org> wrote:

>> Clean backport of [JDK-8263188](https://bugs.openjdk.org/browse/JDK-8263188) to JDK11. 
>> 
>> It will make it easier to backport and review  [JDK-8349583](https://bugs.openjdk.org/browse/JDK-8349583) and [JDK-8340321](https://bugs.openjdk.org/browse/JDK-8340321) , so OpenJDK 11 [follows the Oracle JRE and JDK Cryptographic Roadmap on 2026/01](https://www.java.com/en/jre-jdk-cryptoroadmap.html) by disabling SHA-1 in TLS/DTLS 1.2 handshake signatures.
>> 
>> Since JDK11 does not sport the `ByteBuffer.slice(int, int)` method in JDK17 (used in `test/jdk/sun/security/ssl/SignatureScheme/SigAlgosExtTestWithTLS12.java`), a second commit adds an equivalent and updates the test.
>> 
>> Tested on Linux with `tier1` tests:
>> 
>> 
>> ==============================
>> Test summary
>> ==============================
>>    TEST                                              TOTAL  PASS  FAIL ERROR   
>>    jtreg:test/hotspot/jtreg:tier1                     1497  1497     0     0   
>>    jtreg:test/jdk:tier1                               1899  1899     0     0   
>>    jtreg:test/langtools:tier1                         3941  3941     0     0   
>>    jtreg:test/nashorn:tier1                              0     0     0     0   
>>    jtreg:test/jaxp:tier1                                 0     0     0     0   
>> ==============================
>> TEST SUCCESS
>> 
>> 
>> Also security tests (including new ones) pass:
>> 
>> 
>> ==============================
>> Test summary
>> ==============================
>>    TEST                                              TOTAL  PASS  FAIL ERROR   
>>    jtreg:test/jdk/sun/security                         664   664     0     0   
>> ==============================
>> TEST SUCCESS
>
> Antonio Vieiro has updated the pull request incrementally with one additional commit since the last revision:
> 
>   8364597: Replace THL A29 Limited with Tencent

Please don't add 8364597 to the issues list. It's already done for 11u. That's the business we are in when doing backports. Remember when to adjust a backport if they came in out-of-order.

-------------

PR Comment: https://git.openjdk.org/jdk11u-dev/pull/3126#issuecomment-3616015758

More information about the jdk-updates-dev mailing list